
Description

In MariaDB Server versions through 11.8.5, when the server audit plugin is enabled and the server_audit_events variable is configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, a SQL statement that an authenticated database user prefixes with a double-hyphen (--) or hash (#) style comment is not logged.

PUBLISHED Reserved 2026-03-03 | Published 2026-03-03 | Updated 2026-03-16 | Assigner AMZN




MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-778 (Insufficient Logging)

Product status

Default status: unaffected

10.6.25: unaffected
10.11.16: unaffected
11.4.10: unaffected
11.8.6: unaffected

Default status: unaffected

2.12.6: unaffected
3.04.6: unaffected
3.10.3: unaffected
3.11.1: unaffected

Default status: unaffected

5.7.44-RDS.20260212: unaffected
8.0.45: unaffected
8.4.8: unaffected

Default status: unaffected

10.6.25: unaffected
10.11.16: unaffected
11.4.10: unaffected
11.8.6: unaffected

References

aws.amazon.com/security/security-bulletins/2026-006-AWS/ vendor-advisory

github.com/...ommit/635559a2ad68a5a6d1a354e8209c58323dba0261 patch

github.com/...ommit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff patch

cve.org (CVE-2026-3494)

nvd.nist.gov (CVE-2026-3494)
