{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3494", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "state": "PUBLISHED", "assignerShortName": "AMZN", "dateReserved": "2026-03-03T17:26:55.939Z", "datePublished": "2026-03-03T18:12:12.361Z", "dateUpdated": "2026-03-16T17:03:08.613Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-03-16T17:03:08.613Z"}, "title": "MariaDB Server Audit Plugin Comment Handling Bypass", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-778", "description": "CWE-778 (Insufficient Logging)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-93", "descriptions": [{"lang": "en", "value": "CAPEC-93 (Log Injection-Tampering-Forging)"}]}], "affected": [{"vendor": "MariaDB Foundation", "product": "MariaDB Server", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "Aurora MySQL", "versions": [{"status": "unaffected", "version": "2.12.6"}, {"status": "unaffected", "version": "3.04.6"}, {"status": "unaffected", "version": "3.10.3"}, {"status": "unaffected", "version": "3.11.1"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MySQL", "versions": [{"status": "unaffected", "version": "5.7.44-RDS.20260212"}, {"status": "unaffected", "version": "8.0.45"}, {"status": "unaffected", "version": "8.4.8"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MariaDB", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.</p>"}]}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261", "tags": ["patch"]}, {"url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T18:56:25.959459Z", "id": "CVE-2026-3494", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T18:56:35.946Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3494", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T18:56:25.959459Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T18:56:28.318Z"}}], "cna": {"title": "MariaDB Server Audit Plugin Comment Handling Bypass", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-93", "descriptions": [{"lang": "en", "value": "CAPEC-93 (Log Injection-Tampering-Forging)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MariaDB Foundation", "product": "MariaDB Server", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "Aurora MySQL", "versions": [{"status": "unaffected", "version": "2.12.6"}, {"status": "unaffected", "version": "3.04.6"}, {"status": "unaffected", "version": "3.10.3"}, {"status": "unaffected", "version": "3.11.1"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MySQL", "versions": [{"status": "unaffected", "version": "5.7.44-RDS.20260212"}, {"status": "unaffected", "version": "8.0.45"}, {"status": "unaffected", "version": "8.4.8"}], "defaultStatus": "unaffected"}, {"vendor": "Amazon", "product": "RDS for MariaDB", "versions": [{"status": "unaffected", "version": "10.6.25"}, {"status": "unaffected", "version": "10.11.16"}, {"status": "unaffected", "version": "11.4.10"}, {"status": "unaffected", "version": "11.8.6"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261", "tags": ["patch"]}, {"url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.", "supportingMedia": [{"type": "text/html", "value": "<p>In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-778", "description": "CWE-778 (Insufficient Logging)"}]}], "providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-03-16T17:03:08.613Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3494", "state": "PUBLISHED", "dateUpdated": "2026-03-16T17:03:08.613Z", "dateReserved": "2026-03-03T17:26:55.939Z", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "datePublished": "2026-03-03T18:12:12.361Z", "assignerShortName": "AMZN"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A30EA78-32F5-4C1B-A67A-23DC6C7B72EB", "versionEndIncluding": "10.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "332B395C-4839-4615-B00B-E4D441F2CD0A", "versionEndIncluding": "10.11.15", "versionStartIncluding": "10.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "A26387F9-8443-4057-A5E1-441377F32CDB", "versionEndIncluding": "11.4.9", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2088E08-6CAF-4EA5-BF0D-1E5F7D895EAE", "versionEndIncluding": "11.8.5", "versionStartIncluding": "11.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:aurora_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D5C055-479D-48B1-9A1B-96A03A991BF7", "versionEndIncluding": "2.12.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:aurora_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE644D3A-3533-42D9-9CF6-9ED557973FDC", "versionEndIncluding": "3.04.5", "versionStartIncluding": "3.01.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:aurora_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F2AFB8-E9B5-41BB-9FA6-5FD6DF742609", "versionEndIncluding": "3.10.2", "versionStartIncluding": "3.05.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:aurora_mysql:3.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6548276-890D-4BAA-B63C-2589276CB05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mysql:*:*", "matchCriteriaId": "19020403-62DD-4582-94FC-C942145BE41C", "versionEndIncluding": "5.7.44-rds.20251212", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "D726E50A-7EF5-416D-A87A-2BF960AD2FE8", "versionEndIncluding": "10.6.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mysql:*:*", "matchCriteriaId": "D0E5AB60-5EAB-4425-A5ED-D7A4C885412B", "versionEndIncluding": "8.0.44", "versionStartIncluding": "8.0.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mysql:*:*", "matchCriteriaId": "245D28E5-72B2-425D-B45A-A8FF86253512", "versionEndIncluding": "8.4.7", "versionStartIncluding": "8.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "231A1730-3772-4CBD-9987-88261193DE56", "versionEndIncluding": "10.11.15", "versionStartIncluding": "10.11.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "BAFD31F7-359F-4CC7-8DDF-4543EB8478D7", "versionEndIncluding": "11.4.9", "versionStartIncluding": "11.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:relational_database_service:*:*:*:*:*:mariadb:*:*", "matchCriteriaId": "06BB3DE6-41A1-4D83-B3ED-E3200E8A414B", "versionEndIncluding": "11.8.5", "versionStartIncluding": "11.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged."}, {"lang": "es", "value": "En la versi\u00f3n del servidor MariaDB hasta la 11.8.5, cuando el plugin de auditor\u00eda del servidor est\u00e1 habilitado con la variable server_audit_events configurada con el filtrado QUERY_DCL, QUERY_DDL o QUERY_DML, si un usuario de base de datos autenticado invoca una instrucci\u00f3n SQL prefijada con comentarios estilo doble guion (\u2014) o almohadilla (#), la instrucci\u00f3n no se registra."}], "id": "CVE-2026-3494", "lastModified": "2026-03-16T18:16:09.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}]}, "published": "2026-03-03T20:16:50.667", "references": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Third Party Advisory"], "url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "url": "https://github.com/MariaDB/server/commit/635559a2ad68a5a6d1a354e8209c58323dba0261"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "url": "https://github.com/aws/audit-plugin-for-mysql/commit/01e25a5cb1073f131eea774c06c8a056b1e4b2ff"}], "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-778"}], "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "MariaDB: MariaDB: Information disclosure due to unlogged SQL statements with comments", "id": "2444155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444155"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-1286", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "To prevent authenticated users from bypassing logging of SQL statements prefixed with comments, disable the MariaDB Server Audit Plugin if its current behavior is not suitable for your auditing requirements.\nTo disable the plugin, modify your MariaDB configuration file (e.g., `/etc/my.cnf` or a file in `/etc/my.cnf.d/`) to set `server_audit_logging=OFF` within the `[mariadb]` section.\n```\n[mariadb]\nserver_audit_logging=OFF\n```\nAfter modifying the configuration, restart the MariaDB service for the changes to take effect:\n```bash\nsystemctl restart mariadb\n```\nDisabling this plugin will cease all auditing performed by the MariaDB Server Audit Plugin. Ensure this aligns with your security policies and that alternative auditing mechanisms are in place if comprehensive logging is required."}, "name": "CVE-2026-3494", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mariadb10.11", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mariadb11.8", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mariadb-devel:10.3/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mariadb:10.11/mariadb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-03T18:12:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3494\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3494\nhttps://aws.amazon.com/security/security-bulletins/2026-006-AWS/"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2.12.6"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.04.6"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.10.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.11.1"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 81.0, "source": "matching"}]}, "original": {"product": "Aurora MySQL", "source": "cna", "vendor": "Amazon"}, "product": "aurora", "vendor": "amazon"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.6.25"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.8.6"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RDS for MariaDB", "source": "cna", "vendor": "Amazon"}, "product": "rds_for_mariadb", "vendor": "amazon"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "5.7.44-RDS.20260212"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "8.0.45"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "8.4.8"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RDS for MySQL", "source": "cna", "vendor": "Amazon"}, "product": "rds_for_mysql", "vendor": "amazon"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.6.25"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "10.11.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.4.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "11.8.6"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 81.0, "source": "matching"}]}, "original": {"product": "MariaDB Server", "source": "cna", "vendor": "MariaDB plc"}, "product": "mariadb", "vendor": "mariadb"}], "created": "2026-03-04T14:54:09.771973+00:00", "updated": "2026-03-04T14:54:09.772148+00:00", "vendors": ["amazon", "amazon$PRODUCT$aurora", "amazon$PRODUCT$rds_for_mariadb", "amazon$PRODUCT$rds_for_mysql", "mariadb", "mariadb$PRODUCT$mariadb"]}