CVE-2026-44169— MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44169
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions
Source: NVD (National Vulnerability Database)
Vulnerability Description
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44169
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44169
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44169 (1)
Other References for CVE-2026-44169 (1)
Same Patch Batch · MariaDB · 2026-06-12 · 8 CVEs total
| CVE-2026-48165 | 8.0 HIGH | MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side |
| CVE-2026-48163 | 8.0 HIGH | MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) |
| CVE-2026-44168 | 8.0 HIGH | MariaDB: wsrep SST unsafe parameter handling on the donor side |
| CVE-2026-44171 | 6.3 MEDIUM | MariaDB: path traversal in mbstream |
| CVE-2026-44173 | 5.0 MEDIUM | MariaDB: FILE privilege was not checked for subqueries in the FROM clause |
| CVE-2026-44170 | MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL | |
| CVE-2026-44172 | MariaDB: mysql_real_escape_string() incorrectly handled big5 |
IV. Related Vulnerabilities
Same product: server
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44171
MariaDB: path traversal in mbstream
Same vendor: MariaDB
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44171
MariaDB: path traversal in mbstream
Same weakness: CWE-863
- CVE-2026-2470
Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticate - CVE-2026-53834
OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dis - CVE-2026-53835
OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Fei - CVE-2026-53828
OpenClaw < 2026.5.6 - Native Command Authorization Bypass vi - CVE-2026-54398
MISP object edit authorization bypass allows unauthorized sh
V. Comments for CVE-2026-44169
No comments yet