{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32710", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T14:33:42.824Z", "datePublished": "2026-03-20T18:31:48.870Z", "dateUpdated": "2026-03-20T21:25:30.078Z"}, "containers": {"cna": {"title": "Heap-based Buffer Overflow in MariaDB", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc"}, {"name": "https://jira.mariadb.org/browse/MDEV-38356", "tags": ["x_refsource_MISC"], "url": "https://jira.mariadb.org/browse/MDEV-38356"}], "affected": [{"vendor": "MariaDB", "product": "server", "versions": [{"version": ">= 11.4.1, < 11.4.10", "status": "affected"}, {"version": ">= 11.8.1, < 11.8.6", "status": "affected"}, {"version": ">= 12.1.2, < 12.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T18:31:48.870Z"}, "descriptions": [{"lang": "en", "value": "MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2."}], "source": {"advisory": "GHSA-4rj5-2227-9wgc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T21:25:17.333870Z", "id": "CVE-2026-32710", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:25:30.078Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T21:25:17.333870Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T21:25:26.081Z"}}], "cna": {"title": "Heap-based Buffer Overflow in MariaDB", "source": {"advisory": "GHSA-4rj5-2227-9wgc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "MariaDB", "product": "server", "versions": [{"status": "affected", "version": ">= 11.4.1, < 11.4.10"}, {"status": "affected", "version": ">= 11.8.1, < 11.8.6"}, {"status": "affected", "version": ">= 12.1.2, < 12.2.2"}]}], "references": [{"url": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc", "name": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://jira.mariadb.org/browse/MDEV-38356", "name": "https://jira.mariadb.org/browse/MDEV-38356", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T18:31:48.870Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32710", "state": "PUBLISHED", "dateUpdated": "2026-03-20T21:25:30.078Z", "dateReserved": "2026-03-13T14:33:42.824Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T18:31:48.870Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2."}], "id": "CVE-2026-32710", "lastModified": "2026-03-24T15:54:09.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T19:16:16.670", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc"}, {"source": "security-advisories@github.com", "url": "https://jira.mariadb.org/browse/MDEV-38356"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability", "id": "2449711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449711"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A flaw was found in MariaDB. An authenticated user can exploit a vulnerability in the `JSON_SCHEMA_VALID()` function, which may lead to a server crash, resulting in a denial of service. Under specific and controlled conditions, this flaw could potentially be leveraged to achieve remote code execution, allowing an attacker to run arbitrary commands on the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-32710", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "mariadb10.11", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "mariadb11.8", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mariadb-devel:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-20T18:31:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32710\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32710\nhttps://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc\nhttps://jira.mariadb.org/browse/MDEV-38356"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.4.1,11.4.10)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.8.1,11.8.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.2,12.2.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "server", "source": "cna", "vendor": "MariaDB"}, "product": "server", "vendor": "mariadb"}], "created": "2026-03-23T09:53:00.679569+00:00", "updated": "2026-03-23T09:53:00.679671+00:00", "vendors": ["mariadb", "mariadb$PRODUCT$server"]}