CVE-2026-32710

Source
https://cve.org/CVERecord?id=CVE-2026-32710
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32710.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32710
Published
2026-03-20T18:31:48.870Z
Modified
2026-05-06T08:14:16.114209858Z
Severity
  • 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Heap-based Buffer Overflow in MariaDB
Details

MariaDB server is a community-developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in the JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into remote code execution. These conditions require tight control over memory layout, which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32710.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-122"
    ]
}
Affected packages

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Database specific
{
    "versions": [
        {
            "introduced": "11.4.1"
        },
        {
            "fixed": "11.4.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/mariadb/server
Events
Database specific
{
    "versions": [
        {
            "introduced": "11.8.1"
        },
        {
            "fixed": "11.8.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/mariadb/server
Events
Database specific
{
    "versions": [
        {
            "introduced": "12.1.2"
        },
        {
            "fixed": "12.2.2"
        }
    ]
}

Affected versions

mariadb-11.*
mariadb-11.4.1
mariadb-11.4.2
mariadb-11.4.3
mariadb-11.4.4
mariadb-11.4.5
mariadb-11.4.6
mariadb-11.4.7
mariadb-11.4.8
mariadb-11.4.9
mariadb-11.8.1
mariadb-11.8.2
mariadb-11.8.3
mariadb-11.8.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32710.json"
vanir_signatures_modified
"2026-04-12T20:14:06Z"
vanir_signatures
[
    {
        "target": {
            "file": "sql/sp_instr.cc"
        },
        "id": "CVE-2026-32710-22eb6579",
        "source": "https://github.com/mariadb/server/commit/d26a6f44c1f2119377e79a9540886c6d8c01472f",
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "signature_version": "v1"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2026-32710-f170ab29",
        "source": "https://github.com/mariadb/server/commit/d26a6f44c1f2119377e79a9540886c6d8c01472f",
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "sql/sp_instr.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "333736738574052575197108677744715005253",
                "262810137784205432405179339402165348111",
                "118178308854161151067014370856362614751",
                "10257631431620263937293216233444103471"
            ]
        }
    },
    {
        "digest": {
            "length": 2658.0,
            "function_hash": "47421469537526624674199985998928255848"
        },
        "id": "CVE-2026-32710-fe069a50",
        "source": "https://github.com/mariadb/server/commit/d26a6f44c1f2119377e79a9540886c6d8c01472f",
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "sql/sp_instr.cc",
            "function": "sp_lex_instr::parse_expr"
        }
    }
]