What is CVE-2026-49261?

CVE-2026-49261 is a critical-severity vulnerability, classified under OS Command Injection. CVSS score: 10.0/10. Published 2026-06-11.

How severe is CVE-2026-49261?

Critical severity. CVSS v3 base score is 10.0 out of 10.

CVE-2026-49261

CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell command…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-49261?: CVE-2026-49261 is a critical-severity vulnerability, classified under OS Command Injection. CVSS score: 10.0/10. Published 2026-06-11.
How severe is CVE-2026-49261?: Critical severity. CVSS v3 base score is 10.0 out of 10.