{"id":"AZL-79550","summary":"CVE-2026-3494 affecting package mariadb 10.11.15-1","details":"In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.","modified":"2026-04-21T04:34:46.573938Z","published":"2026-03-03T20:16:50Z","upstream":["CVE-2026-3494"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3494"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/mariadb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"10.11.15-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79550.json"}}],"schema_version":"1.7.5"}