CVE-2026-44169
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
In MariaDB versions from 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user with EXECUTE access to a stored routine could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.
Risk Assessment
Organizations may be exposed to the disclosure of sensitive information regarding stored procedures, potentially leading to unauthorized access to application business logic.
Recommendation
It is recommended to upgrade to versions 11.4.11, 11.8.7, or 12.3.2 to mitigate this issue.
Original NVD description (English source)
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.

