{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32710", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T14:33:42.824Z", "datePublished": "2026-03-20T18:31:48.870Z", "dateUpdated": "2026-03-20T21:25:30.078Z"}, "containers": {"cna": {"title": "Heap-based Buffer Overflow in MariaDB", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc"}, {"name": "https://jira.mariadb.org/browse/MDEV-38356", "tags": ["x_refsource_MISC"], "url": "https://jira.mariadb.org/browse/MDEV-38356"}], "affected": [{"vendor": "MariaDB", "product": "server", "versions": [{"version": ">= 11.4.1, < 11.4.10", "status": "affected"}, {"version": ">= 11.8.1, < 11.8.6", "status": "affected"}, {"version": ">= 12.1.2, < 12.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T18:31:48.870Z"}, "descriptions": [{"lang": "en", "value": "MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2."}], "source": {"advisory": "GHSA-4rj5-2227-9wgc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T21:25:17.333870Z", "id": "CVE-2026-32710", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:25:30.078Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T21:25:17.333870Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:25:26.081Z"}}], "cna": {"title": "Heap-based Buffer Overflow in MariaDB", "source": {"advisory": "GHSA-4rj5-2227-9wgc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "MariaDB", "product": "server", "versions": [{"status": "affected", "version": ">= 11.4.1, < 11.4.10"}, {"status": "affected", "version": ">= 11.8.1, < 11.8.6"}, {"status": "affected", "version": ">= 12.1.2, < 12.2.2"}]}], "references": [{"url": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc", "name": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://jira.mariadb.org/browse/MDEV-38356", "name": "https://jira.mariadb.org/browse/MDEV-38356", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T18:31:48.870Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32710", "state": "PUBLISHED", "dateUpdated": "2026-03-20T21:25:30.078Z", "dateReserved": "2026-03-13T14:33:42.824Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T18:31:48.870Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2."}], "id": "CVE-2026-32710", "lastModified": "2026-03-24T15:54:09.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T19:16:16.670", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc"}, {"source": "security-advisories@github.com", "url": "https://jira.mariadb.org/browse/MDEV-38356"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability", "id": "2449711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449711"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A flaw was found in MariaDB. An authenticated user can exploit a vulnerability in the `JSON_SCHEMA_VALID()` function, which may lead to a server crash, resulting in a denial of service. Under specific and controlled conditions, this flaw could potentially be leveraged to achieve remote code execution, allowing an attacker to run arbitrary commands on the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-32710", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "mariadb10.11", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "mariadb11.8", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb-devel:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-20T18:31:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32710\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32710\nhttps://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc\nhttps://jira.mariadb.org/browse/MDEV-38356"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.4.1,11.4.10)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.8.1,11.8.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.2,12.2.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "server", "source": "cna", "vendor": "MariaDB"}, "product": "server", "vendor": "mariadb"}], "analysis": {"en": {"generated_at": "2026-03-23T13:55:21.843030+00:00", "value": {"mitigation_remediation": ["Update MariaDB to version 11.4.10, 11.8.6, 12.2.2 or newer.", "Limit database access to trusted users and restrict use of the JSON_SCHEMA_VALID() function.", "Monitor the database for unexpected crashes and review logs for anomalous activity."], "summary": {"action": "Apply Patch", "impact": "Potential Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects MariaDB server releases 11.4 before 11.4.10, 11.8 before 11.8.6, and any version prior to 12.2.2, all of which are publicly available community builds.", "description_and_impact": "MariaDB server contains a heap-based buffer overflow in the JSON_SCHEMA_VALID() function. An authenticated user can trigger a crash on versions 11.4 prior to 11.4.10 and 11.8 prior to 11.8.6, and under very specific memory conditions it may be possible to turn that crash into remote code execution.", "risk_and_exploitability": "The CVSS score of 8.6 indicates high severity, but the EPSS score of less than 1% and the absence from the KEV catalog suggest a low probability of real-world exploitation. The need for tight control of memory layout reduces the practicality of an attacker. Nonetheless, the potential for remote code execution makes it critical to apply the fix as soon as possible."}}}}, "created": "2026-03-23T09:53:00.679569+00:00", "updated": "2026-03-25T14:34:56.524501+00:00", "vendors": ["mariadb", "mariadb$PRODUCT$server"]}