BIT-mysql-client-2026-3494

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mysql-client/BIT-mysql-client-2026-3494.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-mysql-client-2026-3494

Aliases

Published

2026-03-10T08:48:51.568Z

Modified

2026-03-10T09:26:18.096108Z

Summary

MariaDB Server Audit Plugin Comment Handling Bypass

Details

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / mysql-client

Package

Name: mysql-client
Purl: pkg:bitnami/mysql-client

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.6.25

Introduced

10.7.0

Fixed

12.0.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/mysql-client/BIT-mysql-client-2026-3494.json"