CVE Catalog

CVE-2026-44169

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

In MariaDB versions from 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user with EXECUTE access to a stored routine could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.

Risk Assessment

Organizations may be exposed to the disclosure of sensitive information regarding stored procedures, potentially leading to unauthorized access to application business logic.

Recommendation

It is recommended to upgrade to versions 11.4.11, 11.8.7, or 12.3.2 to mitigate this issue.

Original NVD description (English source)

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS