CRITICAL🇵🇱 Wersja polska

CVE-2023-26785

CVSS 9.8v3.1pub. 2024-10-17upd. 2025-07-10

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

🤖 AI Analysis
How it works

An attacker with access to the MariaDB server can place a malicious shared file (library .so) containing UDF code, and then register it in the database using the 'CREATE FUNCTION' command. When this function is executed, the malicious code is run in the context of the database server process. MariaDB Foundation disputes the classification as a vulnerability, arguing that there is no privilege escalation — meaning the technique requires having appropriate permissions in the database.

Impact

An attacker can obtain remote code execution (RCE) on the server hosting MariaDB, potentially taking full control of the operating system, including access to sensitive data and the ability to modify or destroy resources.

Mitigation & patch

Patches available from the vendor should be applied according to references. Due to the disputed nature of the vulnerability, it is recommended to apply the principle of least privilege for database accounts, limit the ability to load external UDF libraries, and implement restrictive access control to the MariaDB server.

Who is affected

MariaDB version 10.5

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • MariaDB

    APP
    Mariadb
    10.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-49261CRITICAL10.0PL ✓ten sam produkt

MariaDB: command injection przez wsrep_notify_cmd w nazwie węzła Galera

CVE-2020-15180CRITICAL9.0ten sam produkt

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` all...

CVE-2016-9843CRITICAL9.8ten sam produkt

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified im...

CVE-2016-6662CRITICAL9.8ten sam produkt

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x bef...

CVE-2026-44168HIGH8.0ten sam produkt

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 ...