CVE-2026-44171— MariaDB: path traversal in mbstream
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44171
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MariaDB: path traversal in mbstream
Source: NVD (National Vulnerability Database)
Vulnerability Description
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-44171
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44171
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44171 (2)
- 🔗 path traversal in mbstream · Advisory · MariaDB/server · GitHub Read full article x_refsource_CONFIRM
Same Patch Batch · MariaDB · 2026-06-12 · 8 CVEs total
| CVE-2026-48165 | 8.0 HIGH | MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side |
| CVE-2026-48163 | 8.0 HIGH | MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync) |
| CVE-2026-44168 | 8.0 HIGH | MariaDB: wsrep SST unsafe parameter handling on the donor side |
| CVE-2026-44173 | 5.0 MEDIUM | MariaDB: FILE privilege was not checked for subqueries in the FROM clause |
| CVE-2026-44169 | 4.3 MEDIUM | MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored r |
| CVE-2026-44170 | MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL | |
| CVE-2026-44172 | MariaDB: mysql_real_escape_string() incorrectly handled big5 |
IV. Related Vulnerabilities
Same product: server
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44169
MariaDB: Authorization bypass in role-based routine-level pr
Same vendor: MariaDB
- CVE-2026-48165
MariaDB: unsafe usage of `wsrep_sst_receive_address` values - CVE-2026-48163
MariaDB: wsrep SST unsafe parameter handling on the donor si - CVE-2026-44173
MariaDB: FILE privilege was not checked for subqueries in th - CVE-2026-44172
MariaDB: mysql_real_escape_string() incorrectly handled big5 - CVE-2026-44169
MariaDB: Authorization bypass in role-based routine-level pr
Same weakness: CWE-22
- CVE-2026-49766
WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File - CVE-2026-49061
WordPress WPC Product Options for WooCommerce plugin <= 3.2. - CVE-2026-40779
WordPress Link Library plugin <= 7.8.8 - Arbitrary File Dele - CVE-2026-40769
WordPress Contact Form Extender for Divi – Save Entries, Fil - CVE-2026-40727
WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion
V. Comments for CVE-2026-44171
No comments yet