CVE-2026-3494
MEDIUM EPSS 19.1%
Published Mar 3, 2026 (4mo ago) · Modified Mar 16, 2026 (3mo ago)
5.3 CVSS 4.0
Description
In MariaDB Server versions through 11.8.5, when the server audit plugin is enabled and the server_audit_events variable is configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, a SQL statement that an authenticated database user prefixes with a double-hyphen (--) or hash (#) style comment is not logged.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
19.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-778
Affected Products 15
| Vendor | Product | Version | Range |
|---|---|---|---|
| mariadb | mariadb | * | ≤10.6.24 |
| mariadb | mariadb | * | ≥10.7.0 – ≤10.11.15 |
| mariadb | mariadb | * | ≥11.0.0 – ≤11.4.9 |
| mariadb | mariadb | * | ≥11.5.0 – ≤11.8.5 |
| amazon | aurora_mysql | * | ≤2.12.5 |
| amazon | aurora_mysql | * | ≥3.01.0 – ≤3.04.5 |
| amazon | aurora_mysql | * | ≥3.05.1 – ≤3.10.2 |
| amazon | aurora_mysql | 3.11.0 | any |
| amazon | relational_database_service | * | ≤5.7.44-rds.20251212 |
| amazon | relational_database_service | * | ≤10.6.24 |
| amazon | relational_database_service | * | ≥8.0.11 – ≤8.0.44 |
| amazon | relational_database_service | * | ≥8.4.3 – ≤8.4.7 |
| amazon | relational_database_service | * | ≥10.11.4 – ≤10.11.15 |
| amazon | relational_database_service | * | ≥11.4.3 – ≤11.4.9 |
| amazon | relational_database_service | * | ≥11.8.3 – ≤11.8.5 |
References 3
- aws.amazon.com https://aws.amazon.com/security/security-bulletins/2026-006-AWS/
- github.com https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261
- github.com https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.