CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
8th
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string() was supposed to prevent them. This issue has been patched in versions 3.3.19 and 3.4.9.
| CWE | CWE-89 |
| Vendor | mariadb |
| Product | server |
| Published | Jun 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for mariadb server
Be the first to know when new unknown vulnerabilities affecting mariadb server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
MariaDB / server
= 3.3.18 = 3.4.8