CVE-2026-44170— MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
Possible ATT&CK Techniques 1AI
T1059 · Command and Scripting InterpreterGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44170
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
Source: NVD (National Vulnerability Database)
Vulnerability Description
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP attribute into the curl command line without proper sanitizing. This allows the user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44170
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44170
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44170 (2)
Same Patch Batch · MariaDB · 2026-06-12 · 8 CVEs total
| CVE-2026-48165 | 8.0 HIGH | MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side |
| CVE-2026-48163 | 8.0 HIGH | MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) |
| CVE-2026-44168 | 8.0 HIGH | MariaDB: wsrep SST unsafe parameter handling on the donor side |
| CVE-2026-44171 | 6.3 MEDIUM | MariaDB: path traversal in mbstream |
| CVE-2026-44173 | 5.0 MEDIUM | MariaDB: FILE privilege was not checked for subqueries in the FROM clause |
| CVE-2026-44169 | 4.3 MEDIUM | MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored r |
| CVE-2026-44172 | MariaDB: mysql_real_escape_string() incorrectly handled big5 |
IV. Related Vulnerabilities
Same product: server
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44171
MariaDB: path traversal in mbstream
Same vendor: MariaDB
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44171
MariaDB: path traversal in mbstream
Same weakness: CWE-78
- CVE-2026-11527
Config::IniFiles versions before 3.001000 for Perl allow OS - CVE-2026-11526
GD versions before 2.86 for Perl allow OS command injection - CVE-2026-46716
Nezha Monitoring: RoleMember can run shell on every server ( - CVE-2026-42853
@apostrophecms/cli: Command Injection in apos create via Uns - CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values
V. Comments for CVE-2026-44170
No comments yet