AZL-79550

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79550.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-79550

Upstream

CVE-2026-3494

Published

2026-03-03T20:16:50Z

Modified

2026-04-21T04:34:46.573938Z

Summary

CVE-2026-3494 affecting package mariadb 10.11.15-1

Details

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-3494

Affected packages

Azure Linux:3 / mariadb

Package

Name: mariadb
Purl: pkg:rpm/azure-linux/mariadb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

10.11.15-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79550.json"