CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-3494

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-006-AWS Scope: AWS Content Type: Informational Publication Date: 2026/03/03 10:15 AM PST Description: Amazon RDS/Aurora is a managed relational database service. We identified CVE-2026-3494. In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (‐‐) or hash (#) style comments, the statement is not logged. Impacted versions: - MariaDB Server (10.6.24 and prior, 10.11.15 and prior, 11.4.9 and prior, and 11.8.5 and prior) - Amazon Aurora MySQL (2.12.5 and prior, 3.01.0 to 3.04.5, 3.05.1 to 3.10.2, and 3.11.0) - Amazon RDS for MySQL (5.7.44-RDS.20251212 and prior, 8.0.11 to 8.0.44, and 8.4.3 to 8.4.7) - Amazon RDS for MariaDB (10.6.24 and prior, 10.11.4 to 10.11.15, 11.4.3 to 11.4.9, and 11.8.3 to 11.8.5) Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

vendor: MariaDBproduct: MariaDB ServerInformation disclosureaffected: 10.6.24 and prior, 10.11.15 and prior, 11.4.9 and prior, and 11.8.5 and prior
What
An authenticated database user can bypass logging of certain SQL statements.
Who is affected
Authenticated users of MariaDB Server versions up to 11.8.5.
Urgency
Remediation is important as it may lead to unlogged sensitive operations.
Action
Upgrade to MariaDB Server version 11.8.6 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-3494

Get an email if CVE-2026-3494 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-3494

CVE.org record

Embed the live status

CVE-2026-3494 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-3494 status](https://www.csirts.com/badge/CVE-2026-3494)](https://www.csirts.com/cve/CVE-2026-3494)