Description
Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host ('%'). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default.

Affected versions — Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0.
Published: 2026-06-18
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A hardcoded default credential is applied to the Galera replication health‑check user in Bitnami MariaDB Galera container images and Helm chart. The user is created with the nickname "monitor" and password "monitor" and is granted REPLICATION CLIENT privileges from any network host. This flaw allows an attacker to authenticate as a user with replication monitoring rights and thereby read replication status. Based on the description, it is inferred that an attacker could enumerate cluster nodes or gather metadata for subsequent attacks.

Affected Systems

The vulnerability affects Bitnami MariaDB Galera builds and the related Helm chart. Containers built on versions 10.6.x prior to 10.6.27-photon-5-r0, 10.11.x prior to 10.11.17-photon-5-r1, 11.4.x prior to 11.4.12-photon-5-r0, 11.8.x prior to 11.8.7-photon-5-r1, and 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0 are affected. The Helm chart prior to version 18.3.0 also deploys the vulnerable default credentials.

Risk and Exploitability

With a CVSS base score of 5.3 the vulnerability presents moderate risk. The EPSS score is not available, but the flaw is publicly documented and static, providing an attacker with easily guessable credentials. The vulnerability is not listed in CISA's KEV catalog, so no known mass exploitation has been reported yet. Attackers could gain replication client access from any host. Exploitation requires only network connectivity to the MariaDB service and the use of the default credentials.

Generated by OpenCVE AI on June 18, 2026 at 22:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Bitnami MariaDB Galera container image or Helm chart to a version where default credentials are removed or randomized.
  • If an upgrade is not immediately possible, modify the deployment to override the MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables with strong, unique values in the Helm values.yaml or container environment.
  • Restrict inbound connections to the MariaDB service to trusted hosts or configure a firewall rule to allow replication-client traffic only from approved IP ranges.
  • Revoke the default monitor user’s REPLICATION CLIENT privilege after applying a custom user with only necessary permissions.

Generated by OpenCVE AI on June 18, 2026 at 22:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Title Hardcoded Default Credentials for MariaDB Galera Replication User

Thu, 18 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 18 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host ('%'). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default. Affected versions — Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0.
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-06-18T20:24:27.928Z

Reserved: 2026-05-20T10:00:53.146Z

Link: CVE-2026-47847

cve-icon Vulnrichment

Updated: 2026-06-18T20:24:24.115Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T22:15:04Z

Weaknesses
  • CWE-798

    Use of Hard-coded Credentials