MariaDB Galera Cluster Parameter Injection Fix in wsrep_sst_rsync (MDEV-99619)

Vulnerability Overview Vulnerability Name: wsrep_sst_rsync.sh: apply safe() to joiner-supplied parameters Type: Bug Priority: Critical Status: Closed Affected Versions: 13.0 Fixed Versions: 10.6.27, 10.11.18 Component: Authentication and Privilege System, security Tags: Can result in unexpected behaviour Scope of Impact Description: In , if the values of and provided by the joiner are not validated before being inserted into the stunnel configuration and rsync magic file written by the donor, a parameter injection vulnerability exists. This may lead to unexpected behavior. Specific Impact: This vulnerability may result in additional lines appearing in the stunnel configuration and rsync magic file written by the donor, potentially affecting system security and stability. Remediation Solution: The vulnerability is closed by applying the function in rsync interpolation. The function is also extended to reject labels and line breaks, ensuring that multi-line values cannot persist in configuration files. Related Code: Additional Information Created: 2026-05-18 10:31 Updated: 5 days ago 13:33 Resolved: 2026-05-20 21:16 Assignee: Hemant Dangi Reporter: Hemant Dangi Related Links Related Issues: - MDEV-99619 Galera Cluster-pest > Donor command execution (CLOSED) - MDEV-99674 Galera Cluster-pest > Donor command execution (CLOSED) - MDEV-99721 wsrep_notify_cmd should sanitize peer-supplied ... (CLOSED) Git Integration Rendering Error: The Git integration section fails to render correctly due to a Jira plugin issue. Please contact the Jira administrator. --- The above is a summary of the key information regarding the vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

MariaDB Galera Cluster Parameter Injection Fix in wsrep_sst_rsync (MDEV-99619)