{"id":"CVE-2026-44169","summary":"MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions","details":"MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.","aliases":["BIT-mariadb-2026-44169","BIT-mariadb-min-2026-44169","BIT-mysql-client-2026-44169","GHSA-22xq-vq3f-87x2"],"modified":"2026-07-08T08:26:32.166942234Z","published":"2026-06-12T17:31:53.344Z","related":["SUSE-SU-2026:22095-1","SUSE-SU-2026:2330-1","openSUSE-SU-2026:10897-1","openSUSE-SU-2026:20933-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44169.json","cwe_ids":["CWE-863"]},"references":[{"type":"WEB","url":"https://jira.mariadb.org/browse/MDEV-39288"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44169.json"},{"type":"ADVISORY","url":"https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44169"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"fa69b085b10f19a3a8b6e7adab27c104924333ae"},{"fixed":"10034c14cd9f8161014d1a0de45f8bec4c277487"},{"introduced":"1c4aed7c680c0402d6e97e097f03815c0e9bf4c5"},{"fixed":"e7d1202da30b7707185dc9b55af4693d1e3e4f60"},{"introduced":"21a0714a118614982d20bfa504763d7247800091"}],"database_specific":{"cpe":["cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","cpe:2.3:a:mariadb:mariadb:12.3.1:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"11.4.1"},{"fixed":"11.4.11"},{"introduced":"11.8.1"},{"fixed":"11.8.7"},{"introduced":"12.3.1"},{"last_affected":"12.3.1"}],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["12.3.1","mariadb-11.8.7","mariadb-11.4.11","mariadb-11.8.6","mariadb-11.4.10","mariadb-11.8.4","mariadb-11.4.9","mariadb-11.8.3","mariadb-11.4.8","mariadb-11.8.2","mariadb-11.4.7","mariadb-11.4.6","mariadb-11.8.1","mariadb-11.4.5","mariadb-11.4.4","mariadb-11.4.3","mariadb-11.4.2","mariadb-11.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44169.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}