CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

MariaDB Server Audit Plugin Comment Handling Bypass

unknownCVE-2026-3494
Bulletin ID: 2026-006-AWS Scope: AWS Content Type: Informational Publication Date: 2026/03/03 10:15 AM PST Description: Amazon RDS/Aurora is a managed relational database service. We identified CVE-2026-3494. In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (‐‐) or hash (#) style comments, the statement is not logged. Impacted versions: - MariaDB Server (10.6.24 and prior, 10.11.15 and prior, 11.4.9 and prior, and 11.8.5 and prior) - Amazon Aurora MySQL (2.12.5 and prior, 3.01.0 to 3.04.5, 3.05.1 to 3.10.2, and 3.11.0) - Amazon RDS for MySQL (5.7.44-RDS.20251212 and prior, 8.0.11 to 8.0.44, and 8.4.3 to 8.4.7) - Amazon RDS for MariaDB (10.6.24 and prior, 10.11.4 to 10.11.15, 11.4.3 to 11.4.9, and 11.8.3 to 11.8.5) Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

vendor: MariaDBproduct: MariaDB ServerInformation disclosureaffected: 10.6.24 and prior, 10.11.15 and prior, 11.4.9 and prior, and 11.8.5 and prior
What
An authenticated database user can bypass logging of certain SQL statements.
Who is affected
Authenticated users of MariaDB Server versions up to 11.8.5.
Urgency
Remediation is important as it may lead to unlogged sensitive operations.
Action
Upgrade to MariaDB Server version 11.8.6 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch MariaDB Server

Get an email when a new MariaDB Server advisory drops — max one per day, one-click unsubscribe.

Details

Source
AWS Security Bulletins (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-06-05
Exploitation
Not in CISA KEV at last sync

Original advisory: https://aws.amazon.com/security/security-bulletins/rss/2026-006-aws/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-3494coverage & exploitation statusNVD · CVE.org

More from AWS Security Bulletins