MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()
Summary
MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string(). Red Hat rates this important (CVSS 9.1). Weakness: CWE-89. Affected package(s): mariadb10.11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11, mariadb-connector-c-main. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
- mariadb10.11-3:10.11.18-1.el10_2
- galera-0:26.4.27-1.el10_2
- mariadb:11.8-9080020260612104015.rhel9
- mariadb11.8-3:11.8.8-1.el10_2
- mariadb:10.11-8100020260616102001.489197e6
- mariadb:10.11-9080020260612103452.rhel9
- mariadb-connector-c-main-3.4.9-1.hum1
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:33093
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:33093 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.