wid-sec-w-2026-0585  ·  Published 2026-03-03  ·  View on BSI CERT-Bund ↗

MariaDB (Server Audit Plugin): Vulnerability allows bypassing security measures

CVSS 5.3 MEDIUM

Risk Summary

In MariaDB Server versions through 11.8.5, when the server audit plugin is enabled and the server_audit_events variable is configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, a SQL statement that an authenticated database user prefixes with a double-hyphen (--) or hash (#) style comment is not logged.

CVEs (1)

Affected Vendors

MariaDB · Microsoft

Affected Products (9)

MariaDB · MariaDB <11.8.6
MariaDB · MariaDB 11.8.6
MariaDB · MariaDB <11.4.10
MariaDB · MariaDB 11.4.10
MariaDB · MariaDB <10.11.16
MariaDB · MariaDB 10.11.16
MariaDB · MariaDB <10.6.25
MariaDB · MariaDB 10.6.25
Microsoft · Azure Linux azl3
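
An exposure check built from the Risk Summary and the product list above, added here as an example (not code from BSI CERT-Bund or MariaDB). It assumes the "<X" entries mark affected releases and the bare "X" entries the first fixed release of each series; the function names and sample inventory are constructed. The three inputs are the values an operator reads from SELECT VERSION() and from the server_audit_logging and server_audit_events variables.

```python
import re

# First fixed patch level per series, read from "Affected Products"
# (assumption: "<X" = affected, "X" = first fixed release).
FIXED = {(10, 6): 25, (10, 11): 16, (11, 4): 10, (11, 8): 6}
LAST_AFFECTED = (11, 8, 5)   # "through 11.8.5" in the Risk Summary
FILTERS = {"QUERY_DCL", "QUERY_DDL", "QUERY_DML"}   # classes the advisory names

def parse_version(text):
    """Extract (major, minor, patch) from a VERSION() string."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def version_affected(text):
    major, minor, patch = parse_version(text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is not None:
        return patch < fixed_patch
    # Series with no fixed release on the page: fall back to the stated range.
    return (major, minor, patch) <= LAST_AFFECTED

def risky_filters(server_audit_events):
    """Return the advisory's filter classes present in server_audit_events."""
    tokens = {t.strip().upper() for t in server_audit_events.split(",")}
    return sorted(tokens & FILTERS)

def assess(version, server_audit_logging, server_audit_events):
    """Classify one server against the conditions in the Risk Summary."""
    if not version_affected(version):
        return "not affected: version is fixed or outside the advisory range"
    if server_audit_logging.strip().upper() not in {"ON", "1"}:
        return "audit logging off: advisory condition not met"
    hits = risky_filters(server_audit_events)
    if not hits:
        return "affected version, but no QUERY_DCL/DDL/DML filter configured"
    return f"exposed: comment-prefixed statements can go unlogged ({', '.join(hits)})"

# Constructed sample inventory (not real hosts).
SAMPLES = [
    ("10.11.6-MariaDB-0+deb12u1", "ON", "CONNECT,QUERY_DDL,QUERY_DCL"),
    ("11.4.10-MariaDB", "ON", "QUERY_DML"),
    ("10.6.20-MariaDB-log", "ON", "CONNECT,QUERY,TABLE"),
]
if __name__ == "__main__":
    for v, logging_on, events in SAMPLES:
        print(f"{v:28} {assess(v, logging_on, events)}")
```

Servers reported as exposed have an audit trail that cannot be treated as complete for the filtered statement classes until they run a fixed release.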
