
CVE-2026-32710 is a heap-based buffer overflow vulnerability in the JSON_SCHEMA_VALID() function of MariaDB Server, allowing an authenticated attacker to crash the database or potentially achieve remote code execution. It affects MariaDB versions 11.4.1–11.4.9, 11.8.1–11.8.5, and 12.1.2. The vulnerability was published on March 20, 2026, and patches were released the same day. It carries a CVSS v3.1 base score of 9.9 (Critical) per NVD scoring, or 8.5 (High) per the MariaDB GitHub advisory (GitHub Advisory, Red Hat Bugzilla).
The root cause is a heap-based buffer overflow (CWE-122) and classic buffer overflow (CWE-120) in MariaDB's implementation of the JSON_SCHEMA_VALID() SQL function. An authenticated user can send a crafted SQL query invoking this function to trigger an out-of-bounds write on the heap, causing a server crash. Under tightly controlled memory layout conditions — generally only reproducible in a lab environment — the overflow could potentially be leveraged for remote code execution. The vulnerability was discovered by Team Xint Code as part of the zeroday.cloud research program, and a public PoC has since appeared on GitHub (GitHub Advisory, MariaDB JIRA).
Successful exploitation by an authenticated attacker results in a confirmed denial of service via server crash, disrupting database availability for all connected applications. Under specific memory layout conditions achievable in controlled environments, the vulnerability could escalate to remote code execution with the privileges of the MariaDB server process, potentially compromising confidentiality and integrity of all hosted data. The changed scope in the CVSS vector indicates that a successful RCE could impact resources beyond the database itself, enabling lateral movement within the hosting environment (GitHub Advisory, Red Hat Bugzilla).
Upgrade to a patched version immediately: MariaDB 11.4.10 (for 11.4.x users), MariaDB 11.8.6 (for 11.8.x users), or MariaDB 12.2.2 (for 12.1.2 users) (GitHub Advisory). Red Hat Enterprise Linux users should apply RHSA-2026:19021 (RHEL 10) or RHSA-2026:19182 (RHEL 9), and openSUSE users should apply the relevant security announcements (Red Hat Bugzilla). As interim mitigations, restrict database access to trusted users only, implement network segmentation to limit MariaDB exposure, and monitor for anomalous JSON_SCHEMA_VALID() function calls in query logs.
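As an added example (not part of the advisory and not Wiz or MariaDB code), the following Python does the two triage steps this section calls for: it checks a `VERSION()` string against the affected ranges listed above, and it surfaces every `JSON_SCHEMA_VALID()` call found in general-log lines, attributed to the account that opened the connection. The general-log line layout and the sample lines are assumed/constructed, and what counts as "anomalous" is left to the reviewer; the code only finds the calls.

```python
import re

# Affected ranges taken from the advisory (inclusive); fixed releases are 11.4.10, 11.8.6, 12.2.2.
AFFECTED_RANGES = [
    ((11, 4, 1), (11, 4, 9)),
    ((11, 8, 1), (11, 8, 5)),
    ((12, 1, 2), (12, 1, 2)),
]

def parse_version(version_string):
    """Reduce a VERSION() string such as '11.4.5-MariaDB-ubu2404' to (11, 4, 5)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version_string):
    """True when the server version falls inside one of the advisory's affected ranges."""
    v = parse_version(version_string)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

# Call site of the vulnerable function; tolerates case, whitespace and /* */ comments before the paren.
CALL_RE = re.compile(r"\bJSON_SCHEMA_VALID\s*(?:/\*.*?\*/\s*)*\(", re.IGNORECASE | re.DOTALL)

# Assumed general-log layout: [YYMMDD HH:MM:SS] <conn id> <Command> <Argument>; the
# timestamp is omitted on lines that fall in the same second as the previous entry.
LOG_RE = re.compile(r"^\s*(?:\d{6}\s+\d{1,2}:\d{2}:\d{2}\s+)?(\d+)\s+(Connect|Query)\s+(.*)$")

def find_calls(log_lines):
    """Return one record per query invoking JSON_SCHEMA_VALID(), with the connecting account."""
    users, hits = {}, []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        conn, command, argument = m.groups()
        if command == "Connect":
            users[conn] = argument.split(" on ")[0]   # e.g. 'app@10.0.0.5'
        elif CALL_RE.search(argument):
            hits.append({"conn": conn, "user": users.get(conn, "?"), "query": argument})
    return hits

# Constructed sample lines (not real traffic) in the assumed general-log layout.
SAMPLE_LOG = [
    "260320 10:15:01\t    7 Connect\tapp@10.0.0.5 on shop using TCP/IP",
    "\t\t    7 Query\tSELECT id FROM orders WHERE status = 'open'",
    "260320 10:15:03\t    9 Connect\treport@10.0.0.9 on shop using TCP/IP",
    "\t\t    9 Query\tselect json_schema_valid /* hidden */ ('{\"type\":\"object\"}', '{}')",
    "\t\t    7 Query\tSELECT JSON_VALID('{}')",
]
if __name__ == "__main__":
    print(find_calls(SAMPLE_LOG))
```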
The vulnerability received coverage from Heise Online, describing it as enabling "malicious code or crashes" in MariaDB databases, and from CSO Online and InfoWorld, which highlighted it alongside a related PostgreSQL finding as AI-discovered 20-year-old bugs (Heise Online, CSO Online). The zeroday.cloud team published a technical deep-dive blog post on the vulnerability (zeroday.cloud). The Hacker News weekly recap included the vulnerability in its roundup, and social media discussion appeared on Mastodon and Bluesky, indicating moderate community awareness. The PoC publication by researcher @dinosn on GitHub generated additional attention from the security community.
Source: This report was generated using artificial intelligence