The article discusses critical vulnerabilities in the MariaDB server, highlighting three major flaws (CVE-2026-48163, CVE-2026-48165, CVE-2026-49261) with the highest severity rating of 10.0 (CVSSv3). These vulnerabilities allow attackers to execute arbitrary shell commands on affected nodes, posing significant risks to database security. The issues arise during data synchronization processes, particularly within Galera clusters. Currently, there is no confirmed exploitation of these vulnerabilities.
To mitigate the risks, it is recommended that system administrators update to the patched versions (10.6.27, 10.11.18, 11.4.12, 11.8.8, 12.3.2) immediately. Temporary workarounds include disabling certain features and scripts.
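As an added example (not code from the article or from the MariaDB project), the following check compares a server's reported version against the fixed releases listed above, per branch. It assumes version strings in the `SELECT VERSION()` format such as `10.6.20-MariaDB-log`; branches the summary does not list are reported as unknown rather than guessed.

```python
"""Compare MariaDB version strings against the fixed releases named in the advisory."""
import re

# Minimum fixed release per maintained branch, as listed in the summary above
# (branch "major.minor" -> (major, minor, patch) of the first fixed version).
FIXED_VERSIONS = {
    "10.6": (10, 6, 27),
    "10.11": (10, 11, 18),
    "11.4": (11, 4, 12),
    "11.8": (11, 8, 8),
    "12.3": (12, 3, 2),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Extract (major, minor, patch) from e.g. '10.6.20-MariaDB-log'; suffix is ignored."""
    match = _VERSION_RE.match(version_string.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version_string):
    """True if at/above the fixed release for its branch, False if below.

    Returns None when the branch is not one the advisory lists: the fixed
    version is then unknown from this page and must be checked elsewhere.
    """
    major, minor, patch = parse_version(version_string)
    fixed = FIXED_VERSIONS.get(f"{major}.{minor}")
    if fixed is None:
        return None
    return (major, minor, patch) >= fixed


def report(version_strings):
    """Map each version string to 'patched', 'vulnerable' or 'unknown-branch'."""
    labels = {True: "patched", False: "vulnerable", None: "unknown-branch"}
    return {v: labels[is_patched(v)] for v in version_strings}


if __name__ == "__main__":
    # Constructed sample inputs in the format returned by SELECT VERSION().
    sample = ["10.6.20-MariaDB-log", "10.11.18-MariaDB",
              "11.4.12-MariaDB-ubu2404", "10.5.29-MariaDB"]
    for version, status in report(sample).items():
        print(f"{version:30} {status}")
```

Feed it the output of `SELECT VERSION()` from every node in the cluster, since a Galera cluster is only as patched as its oldest member.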