CVE-2026-32710 PUBLISHED

Heap-based Buffer Overflow in MariaDB

Assigner: GitHub_M
Reserved: 13.03.2026 Published: 20.03.2026 Updated: 20.03.2026

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8.6

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	MariaDB
Product	server
Versions	Version >= 11.4.1, < 11.4.10 is affected Version >= 11.8.1, < 11.8.6 is affected Version >= 12.1.2, < 12.2.2 is affected

References

Problem Types

CWE-122: Heap-based Buffer Overflow CWE