Description
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Published: 2026-06-12
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

MariaDB executed SELECT … INTO OUTFILE and SELECT … INTO DUMPFILE without checking the FILE privilege whenever the FROM clause consisted only of subqueries (derived tables); the check is applied as usual when the statement has no FROM clause or names a base table. Any account holding only the SELECT privilege could therefore make the server write a new file, with contents chosen by the attacker, to any location the mysqld OS user may write, subject to secure_file_priv. Existing files are not overwritten, since both statements refuse to do so, but a new file placed where another component loads, serves or executes it can become a path to further compromise or persistence. The weakness is classified as CWE‑863 (Incorrect Authorization).

Affected Systems

MariaDB server versions 10.6.1 through 10.6.25, 10.11.1 through 10.11.16, 11.4.1 through 11.4.10, 11.8.1 through 11.8.6, and 12.3.1 are affected. The issue was fixed in 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Risk and Exploitability

The CVSS 3.1 score of 5 (vector AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L) rates the issue as moderate, and the EPSS score of less than 1% indicates a very low probability of exploitation. The vulnerability is not listed in CISA KEV, and no public exploitation has been reported. Exploitation requires an authenticated database session with the SELECT privilege, and the bug by itself yields no code execution. Its practical impact depends on where the server process can write: the file is created as the mysqld OS user, confined to secure_file_priv when that variable is set to a directory, so a server whose OS account cannot write to web roots, plugin_dir or other locations that are served or executed by something else limits the attacker to filling disk, whereas a permissive filesystem layout turns the file write into a follow‑on attack.

Generated by OpenCVE AI on June 12, 2026 at 19:52 UTC.

Remediation

Fixed upstream in MariaDB 10.6.26, 10.11.17, 11.4.11, 11.8.7 and 12.3.2, as stated in the description. The record lists no vendor‑supplied workaround for earlier versions.

OpenCVE Recommended Actions

  • Update MariaDB to a patched version (10.6.26+, 10.11.17+, 11.4.11+, 11.8.7+, or 12.3.2+).
  • If an immediate upgrade is not possible, note that revoking FILE does not help, because the affected statements do not consult that privilege at all. Instead bound what the server can write: set secure_file_priv to a dedicated directory that nothing else reads, serves or executes (an empty value means no restriction), and make sure the mysqld OS account has no write access to web roots, plugin_dir, cron or service unit directories.
  • Review which accounts hold SELECT on externally reachable databases, and monitor the general or audit log for INTO OUTFILE and INTO DUMPFILE statements issued by accounts that do not hold FILE; a successful one on an unpatched server is exploitation of this issue.
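The trigger condition from the description and the checks from the recommended actions, as one verification script. This is an added example, not part of the OpenCVE record or of MariaDB's own material; the account name nofile, the database cve_check and the output paths are assumptions, and the paths must lie inside secure_file_priv if that variable is set to a directory. Run it only against a test instance whose version you want to classify, and delete the output files between runs, because INTO OUTFILE and INTO DUMPFILE refuse to overwrite an existing file.

```sql
-- Added example (not from the CVE record or from MariaDB). Names and paths are assumptions.
-- Step 1 runs as an administrator, step 2 as the low-privileged account, step 3 as an administrator.

-- 1. Administrator: record the version and create an account that holds SELECT but not FILE.
SELECT @@version;
CREATE DATABASE IF NOT EXISTS cve_check;
CREATE TABLE IF NOT EXISTS cve_check.t (x INT);
INSERT INTO cve_check.t VALUES (1);
CREATE USER IF NOT EXISTS 'nofile'@'localhost' IDENTIFIED BY 'change-me';
GRANT SELECT ON cve_check.* TO 'nofile'@'localhost';
-- Confirm FILE is absent: the row must show File_priv = 'N'.
SELECT User, Host, File_priv FROM mysql.user WHERE User = 'nofile';

-- 2. Connect as 'nofile'@'localhost'.
-- Control cases: no FROM clause, or FROM naming a base table. The FILE check applies in every
-- version, so both must fail with an access-denied error.
SELECT 1 INTO OUTFILE '/tmp/cve_check_control_a.txt';
SELECT x FROM cve_check.t INTO OUTFILE '/tmp/cve_check_control_b.txt';

-- Trigger condition from the description: the FROM clause consists only of subqueries.
-- Patched versions: access denied, exactly like the control cases.
-- Affected versions: the statement succeeds and the file appears, owned by the mysqld OS user.
SELECT x FROM (SELECT 1 AS x) AS sub INTO OUTFILE '/tmp/cve_check_subquery.txt';
SELECT x FROM (SELECT 1 AS x) AS sub INTO DUMPFILE '/tmp/cve_check_subquery.bin';

-- 3. Administrator: hardening checks and cleanup.
-- Where exports may land at all: a directory confines them, an empty value means no restriction.
SELECT @@global.secure_file_priv;
-- The export directory must not overlap locations the server itself loads from.
SELECT @@global.plugin_dir, @@global.datadir;
-- Accounts that legitimately hold FILE; every other account relies on the check this CVE skips.
SELECT User, Host FROM mysql.user WHERE File_priv = 'Y';
DROP USER IF EXISTS 'nofile'@'localhost';
DROP DATABASE IF EXISTS cve_check;
```

If the subquery statements in step 2 succeed while the control cases are denied, the server is running an affected build and should be upgraded; in the meantime the values returned in step 3 tell you how far an unprivileged file write could reach.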

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 19:45:00 +0000
  First Time appeared (values added): Mariadb; Mariadb server
  Vendors & Products (values added): Mariadb; Mariadb server

Fri, 12 Jun 2026 18:30:00 +0000
  Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 18:00:00 +0000
  Description (values added): MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
  Title (values added): MariaDB: FILE privilege was not checked for subqueries in the FROM clause
  Weaknesses (values added): CWE-863
  References (values added): none
  Metrics (values added): cvssV3_1 {'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-12T18:03:34.244Z

Reserved: 2026-05-05T14:39:34.923Z

Link: CVE-2026-44173

Vulnrichment

Updated: 2026-06-12T18:03:30.744Z

NVD

Status : Received

Published: 2026-06-12T18:16:34.257

Modified: 2026-06-12T18:16:34.257

Link: CVE-2026-44173

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:00:18Z

Weaknesses