{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3494", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "state": "PUBLISHED", "assignerShortName": "AMZN", "dateReserved": "2026-03-03T17:26:55.939Z", "datePublished": "2026-03-03T18:12:12.361Z", "dateUpdated": "2026-03-16T17:03:08.613Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-03-16T17:03:08.613Z"}, "title": "MariaDB Server Audit Plugin Comment Handling Bypass", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-778", "description": "CWE-778 (Insufficient Logging)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-93", "descriptions": [{"lang": "en", "value": "CAPEC-93 (Log Injection-Tampering-Forging)"}]}], "affected": [{"vendor": "MariaDB Foundation", "product": "MariaDB Server", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "Aurora MySQL", "versions": [{"status": "unaffected", "version": "2.12.6"}, {"status": "unaffected", "version": "3.04.6"}, {"status": "unaffected", "version": "3.10.3"}, {"status": "unaffected", "version": "3.11.1"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MySQL", "versions": [{"status": "unaffected", "version": "5.7.44-RDS.20260212"}, {"status": "unaffected", "version": "8.0.45"}, {"status": "unaffected", "version": "8.4.8"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MariaDB", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.</p>"}]}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261", "tags": ["patch"]}, {"url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T18:56:25.959459Z", "id": "CVE-2026-3494", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T18:56:35.946Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3494", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T18:56:25.959459Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T18:56:28.318Z"}}], "cna": {"title": "MariaDB Server Audit Plugin Comment Handling Bypass", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-93", "descriptions": [{"lang": "en", "value": "CAPEC-93 (Log Injection-Tampering-Forging)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MariaDB Foundation", "product": "MariaDB Server", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "Aurora MySQL", "versions": [{"status": "unaffected", "version": "2.12.6"}, {"status": "unaffected", "version": "3.04.6"}, {"status": "unaffected", "version": "3.10.3"}, {"status": "unaffected", "version": "3.11.1"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MySQL", "versions": [{"status": "unaffected", "version": "5.7.44-RDS.20260212"}, {"status": "unaffected", "version": "8.0.45"}, {"status": "unaffected", "version": "8.4.8"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MariaDB", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261", "tags": ["patch"]}, {"url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.", "supportingMedia": [{"type": "text/html", "value": "<p>In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-778", "description": "CWE-778 (Insufficient Logging)"}]}], "providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-03-16T17:03:08.613Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3494", "state": "PUBLISHED", "dateUpdated": "2026-03-16T17:03:08.613Z", "dateReserved": "2026-03-03T17:26:55.939Z", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "datePublished": "2026-03-03T18:12:12.361Z", "assignerShortName": "AMZN"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A30EA78-32F5-4C1B-A67A-23DC6C7B72EB", "versionEndIncluding": "10.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "332B395C-4839-4615-B00B-E4D441F2CD0A", "versionEndIncluding": "10.11.15", "versionStartIncluding": "10.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "A26387F9-8443-4057-A5E1-441377F32CDB", "versionEndIncluding": "11.4.9", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2088E08-6CAF-4EA5-BF0D-1E5F7D895EAE", "versionEndIncluding": "11.8.5", "versionStartIncluding": "11.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:aurora_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D5C055-479D-48B1-9A1B-96A03A991BF7", "versionEndIncluding": "2.12.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:aurora_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE644D3A-3533-42D9-9CF6-9ED557973FDC", "versionEndIncluding": "3.04.5", "versionStartIncluding": "3.01.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:aurora_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F2AFB8-E9B5-41BB-9FA6-5FD6DF742609", "versionEndIncluding": "3.10.2", "versionStartIncluding": "3.05.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:aurora_mysql:3.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6548276-890D-4BAA-B63C-2589276CB05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mysql:*:*", "matchCriteriaId": "19020403-62DD-4582-94FC-C942145BE41C", "versionEndIncluding": "5.7.44-rds.20251212", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "D726E50A-7EF5-416D-A87A-2BF960AD2FE8", "versionEndIncluding": "10.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mysql:*:*", "matchCriteriaId": "D0E5AB60-5EAB-4425-A5ED-D7A4C885412B", "versionEndIncluding": "8.0.44", "versionStartIncluding": "8.0.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mysql:*:*", "matchCriteriaId": "245D28E5-72B2-425D-B45A-A8FF86253512", "versionEndIncluding": "8.4.7", "versionStartIncluding": "8.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "231A1730-3772-4CBD-9987-88261193DE56", "versionEndIncluding": "10.11.15", "versionStartIncluding": "10.11.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "BAFD31F7-359F-4CC7-8DDF-4543EB8478D7", "versionEndIncluding": "11.4.9", "versionStartIncluding": "11.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "06BB3DE6-41A1-4D83-B3ED-E3200E8A414B", "versionEndIncluding": "11.8.5", "versionStartIncluding": "11.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged."}, {"lang": "es", "value": "En la versi\u00f3n del servidor MariaDB hasta la 11.8.5, cuando el plugin de auditor\u00eda del servidor est\u00e1 habilitado con la variable server_audit_events configurada con el filtrado QUERY_DCL, QUERY_DDL o QUERY_DML, si un usuario de base de datos autenticado invoca una instrucci\u00f3n SQL prefijada con comentarios estilo doble guion (\u2014) o almohadilla (#), la instrucci\u00f3n no se registra."}], "id": "CVE-2026-3494", "lastModified": "2026-03-16T18:16:09.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}]}, "published": "2026-03-03T20:16:50.667", "references": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Third Party Advisory"], "url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff"}], "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-778"}], "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "MariaDB: MariaDB: Information disclosure due to unlogged SQL statements with comments", "id": "2444155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444155"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-1286", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "To prevent authenticated users from bypassing logging of SQL statements prefixed with comments, disable the MariaDB Server Audit Plugin if its current behavior is not suitable for your auditing requirements.\nTo disable the plugin, modify your MariaDB configuration file (e.g., `/etc/my.cnf` or a file in `/etc/my.cnf.d/`) to set `server_audit_logging=OFF` within the `[mariadb]` section.\n```\n[mariadb]\nserver_audit_logging=OFF\n```\nAfter modifying the configuration, restart the MariaDB service for the changes to take effect:\n```bash\nsystemctl restart mariadb\n```\nDisabling this plugin will cease all auditing performed by the MariaDB Server Audit Plugin. Ensure this aligns with your security policies and that alternative auditing mechanisms are in place if comprehensive logging is required."}, "name": "CVE-2026-3494", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mariadb10.11", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mariadb11.8", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb-devel:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-03T18:12:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3494\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3494\nhttps://aws.amazon.com/security/security-bulletins/2026-006-AWS/"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2.12.6"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.04.6"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.10.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.11.1"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 81.0, "source": "matching"}]}, "original": {"product": "Aurora MySQL", "source": "cna", "vendor": "Amazon"}, "product": "aurora", "vendor": "amazon"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.6.25"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.8.6"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RDS for MariaDB", "source": "cna", "vendor": "Amazon"}, "product": "rds_for_mariadb", "vendor": "amazon"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "5.7.44-RDS.20260212"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "8.0.45"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "8.4.8"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RDS for MySQL", "source": "cna", "vendor": "Amazon"}, "product": "rds_for_mysql", "vendor": "amazon"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.6.25"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.8.6"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 81.0, "source": "matching"}]}, "original": {"product": "MariaDB Server", "source": "cna", "vendor": "MariaDB plc"}, "product": "mariadb", "vendor": "mariadb"}], "analysis": {"en": {"generated_at": "2026-04-18T10:03:57.425106+00:00", "value": {"mitigation_remediation": ["Upgrade MariaDB Server to a version later than 11.8.5 where the issue is fixed (e.g., 11.8.6 or newer).", "If an upgrade is not immediately possible, temporarily disable the audit plugin for authenticated users capable of submitting comment\u2011prefixed statements or implement application\u2011level input validation to strip or reject comments before execution.", "Set up monitoring or alerting to detect missing audit entries for DCL, DDL, or DML operations, and review any gaps in audit logs for suspicious activity."], "summary": {"action": "Apply patch when available", "impact": "Audit log bypass for authenticated users"}, "threat_synthesis": {"affected_systems": "Settings apply to MariaDB Server up to version 11.8.5, the MariaDB Foundation product, and Amazon deployments that embed this server such as Amazon Aurora MySQL, Amazon RDS for MariaDB, and Amazon RDS for MySQL. No fixed version is identified in the data.", "description_and_impact": "In MariaDB Server versions through 11.8.5, enabling the server audit plugin with filtering of DCL, DDL, or DML events allows an authenticated user to prefix a statement with double\u2011hyphen or hash comments. Because the audit subsystem ignores any statement that begins with a comment, that statement is omitted from audit records, creating a potential audit log bypass.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1\u202f% suggests a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that an authenticated user could use the comment bypass to conceal database operations from audit logs, potentially enabling stealthy activity. The overall risk is considered moderate because the CVSS rating and the low EPSS score offset the potential impact that could be achieved if exploited."}}}}, "created": "2026-03-04T14:54:09.771973+00:00", "updated": "2026-04-18T10:15:25.867265+00:00", "vendors": ["amazon", "amazon$PRODUCT$aurora", "amazon$PRODUCT$rds_for_mariadb", "amazon$PRODUCT$rds_for_mysql", "mariadb", "mariadb$PRODUCT$mariadb"]}