cvedb.io
CVE-2026-44172
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-06-12T18:16:34.123 · Last modified 2026-07-03T13:17:14.803

Summary

MariaDB server is a community-developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that took non-validated user input, escaped it with mysql_real_escape_string(), and sent it to the database using the text protocol and the big5 character set was vulnerable to SQL injection, even though mysql_real_escape_string() was supposed to prevent it. This issue has been patched in versions 3.3.19 and 3.4.9.

Affected products

mariadb — mariadb

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.