{"id":"CVE-2026-48165","summary":"MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side","details":"MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.","aliases":["BIT-mariadb-2026-48165","BIT-mariadb-min-2026-48165","BIT-mysql-client-2026-48165","GHSA-7v3p-h23x-8hwv"],"modified":"2026-07-14T03:56:36.856959629Z","published":"2026-06-12T17:35:16.918Z","related":["SUSE-SU-2026:22095-1","SUSE-SU-2026:2282-1","SUSE-SU-2026:2284-1","SUSE-SU-2026:2330-1","openSUSE-SU-2026:10934-1","openSUSE-SU-2026:20933-1"],"database_specific":{"cwe_ids":["CWE-78"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48165.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://jira.mariadb.org/browse/MDEV-39676"},{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48165.json"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:25143"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:25145"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33093"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33412"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33464"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33481"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33482"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-48165"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48165.json"},{"type":"ADVISORY","url":"https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48165"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2488458"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"00a8357bd30fdfca23720448a3f638290b6d35b7"},{"fixed":"b2050fdb4a8776422baf01a41bf86845994edb97"},{"introduced":"2437674291f31c91869a74eb6ebd9f03dc52bd43"},{"fixed":"197f92bee02d8e836f529f37625be69b83e7acbd"},{"introduced":"fa69b085b10f19a3a8b6e7adab27c104924333ae"},{"fixed":"b4a80422bfeec93079a430c080fffbda8f6fa574"},{"introduced":"1c4aed7c680c0402d6e97e097f03815c0e9bf4c5"},{"fixed":"46a8eb42a520193686d9a16d4cea4b3e002917e4"},{"introduced":"21a0714a118614982d20bfa504763d7247800091"}],"database_specific":{"cpe":["cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","cpe:2.3:a:mariadb:mariadb:12.3.1:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"10.6.1"},{"fixed":"10.6.27"},{"introduced":"10.11.1"},{"fixed":"10.11.18"},{"introduced":"11.4.1"},{"fixed":"11.4.12"},{"introduced":"11.8.1"},{"fixed":"11.8.8"},{"introduced":"12.3.1"},{"last_affected":"12.3.1"}],"source":["CPE_RANGE","CPE_STRING"]}}],"versions":["12.3.1","mariadb-10.11.17","mariadb-11.8.7b","mariadb-11.4.11b","mariadb-10.6.26","mariadb-11.8.7","mariadb-11.4.11","mariadb-10.11.14","mariadb-11.8.6","mariadb-10.11.16","mariadb-11.4.10","mariadb-10.6.25","mariadb-11.8.4","mariadb-11.4.9","mariadb-10.11.15","mariadb-10.6.24","mariadb-11.8.3","mariadb-10.6.23","mariadb-11.4.8","mariadb-10.11.13","mariadb-11.8.2","mariadb-10.6.20","mariadb-11.4.7","mariadb-10.6.5","mariadb-10.11.12","mariadb-11.4.6","mariadb-10.6.22","mariadb-10.11.11","mariadb-11.8.1","mariadb-11.4.5","mariadb-10.6.21","mariadb-11.4.4","mariadb-10.6.18","mariadb-10.11.10","mariadb-11.4.3","mariadb-10.11.8","mariadb-10.11.9","mariadb-10.6.19","mariadb-10.6.17","mariadb-11.4.2","mariadb-11.4.1","mariadb-10.11.7","mariadb-10.11.6","mariadb-10.6.16","mariadb-10.6.12","mariadb-10.6.14","mariadb-10.6.13","mariadb-10.6.11","mariadb-10.6.8","mariadb-10.6.9","mariadb-10.11.2","mariadb-10.11.1","mariadb-10.6.10","mariadb-10.6.6","mariadb-10.6.4","mariadb-10.6.3","mariadb-10.6.2","mariadb-10.6.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48165.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}]}