Buffer overflow in MariaDB Server

CVE-2026-32710

MariaDB server is a community-developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in the JSON_SCHEMA_VALID() function. Under certain conditions it might be possi…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (29.6th percentile)

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

  • MariaDB Server, versions:
      >= 11.4.1 and < 11.4.10
      >= 11.8.1 and < 11.8.6
      >= 12.1.2 and < 12.2.2

Frequently asked questions

What is CVE-2026-32710?
CVE-2026-32710 is a high-severity vulnerability in MariaDB Server, classified under Heap-based Buffer Overflow. CVSS score: 8.6/10. Published 2026-03-20.
How severe is CVE-2026-32710?
High severity. CVSS v3 base score is 8.6 out of 10.
Is CVE-2026-32710 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.