Platform: mariadb
Component: mariadb-server
Fixed in: 11.4.10, 11.8.6, 12.2.2
CVE-2026-35549 describes a denial-of-service (DoS) vulnerability in MariaDB Server. The flaw is triggered when a large network packet is sent to a server that has the caching_sha2_password authentication plugin enabled, and it can crash the server. Affected versions are those prior to 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2; fixes are available in MariaDB Server 11.4.10, 11.8.6 and 12.2.2.
An attacker can trigger the flaw by sending an oversized network packet to a MariaDB Server instance that uses the caching_sha2_password authentication plugin. The sha256_crypt_r function, which performs the plugin's password hashing, sizes a scratch buffer with alloca, which allocates on the thread's stack. A sufficiently large packet therefore requests an excessive allocation, leading to a buffer overflow on the stack and a server crash. The result is a denial of service that interrupts database operations and any applications that depend on them, which is most damaging where MariaDB holds critical data.
This vulnerability was publicly disclosed on 2026-04-03. There is no indication of active exploitation at this time, and it is not listed in the CISA KEV catalog. No public proof-of-concept exploit is available yet, but the nature of the flaw suggests that one is likely to be developed. The CVSS base score of 6.5 (Medium) reflects moderate severity; it is not a measure of exploitation probability.
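The root cause described above is a scratch buffer whose size comes straight from the packet. The following is an added example, not MariaDB's code, showing the hardened shape of such a handler: the 4-byte MariaDB/MySQL packet header (3-byte little-endian payload length plus a sequence number) is parsed, the declared length is checked against a fixed bound before anything is allocated, and the scratch buffer comes from the heap with the allocation result checked rather than from alloca. The MAX_AUTH_PAYLOAD bound, the status codes and the helper names are assumptions of this example; the hashing work itself is left as a placeholder comment.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* MariaDB/MySQL wire packets carry a 4-byte header: a 3-byte little-endian
   payload length followed by a 1-byte sequence number. */
#define PACKET_HDR_LEN 4u
#define MAX_WIRE_PAYLOAD 0xFFFFFFu   /* largest length the 3-byte field can declare */

/* Constructed bound, an assumption of this example: the largest authentication
   payload the handler accepts before refusing the packet outright. */
#define MAX_AUTH_PAYLOAD 4096u

typedef enum {
    PKT_OK = 0,        /* payload accepted and processed */
    PKT_SHORT = 1,     /* fewer than 4 header bytes available */
    PKT_TOO_LARGE = 2, /* declared length exceeds MAX_AUTH_PAYLOAD */
    PKT_TRUNCATED = 3, /* declared length exceeds the bytes actually received */
    PKT_NOMEM = 4      /* heap allocation failed */
} pkt_status;

/* Decode the 3-byte little-endian payload length from a packet header. */
uint32_t packet_payload_len(const uint8_t *hdr) {
    return (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8) | ((uint32_t)hdr[2] << 16);
}

/* Encode a packet header claiming `len` payload bytes with sequence id `seq`. */
void encode_packet_header(uint8_t *out, uint32_t len, uint8_t seq) {
    out[0] = (uint8_t)(len & 0xFF);
    out[1] = (uint8_t)((len >> 8) & 0xFF);
    out[2] = (uint8_t)((len >> 16) & 0xFF);
    out[3] = seq;
}

/* Hardened handler. The advisory's crash comes from sizing an alloca() scratch
   buffer directly from the declared length; here the length is checked against
   a fixed bound first, and the scratch buffer comes from the heap with its
   result checked, so an oversized claim is refused instead of exhausting the
   thread's stack. */
pkt_status handle_auth_packet(const uint8_t *buf, size_t avail, uint32_t *out_len) {
    if (avail < PACKET_HDR_LEN) return PKT_SHORT;
    uint32_t len = packet_payload_len(buf);
    if (len > MAX_AUTH_PAYLOAD) return PKT_TOO_LARGE;       /* bound before allocating */
    if (avail - PACKET_HDR_LEN < len) return PKT_TRUNCATED;  /* never read past the data */
    uint8_t *scratch = malloc(len ? len : 1);
    if (!scratch) return PKT_NOMEM;
    memcpy(scratch, buf + PACKET_HDR_LEN, len);
    /* ... password-hash computation would use scratch here ... */
    free(scratch);
    if (out_len) *out_len = len;
    return PKT_OK;
}

/* Round-trips a length through the header encoder and decoder. */
uint32_t roundtrip_len(uint32_t len) {
    uint8_t hdr[PACKET_HDR_LEN];
    encode_packet_header(hdr, len, 0);
    return packet_payload_len(hdr);
}

/* Builds a constructed packet claiming `claimed_len` payload bytes, exposes only
   `avail` bytes of it to the handler, and returns the handler's verdict. */
pkt_status scenario_status(uint32_t claimed_len, size_t avail) {
    uint8_t buf[64];
    memset(buf, 'x', sizeof buf);               /* constructed filler payload */
    encode_packet_header(buf, claimed_len, 1);
    if (avail > sizeof buf) avail = sizeof buf;
    uint32_t n = 0;
    return handle_auth_packet(buf, avail, &n);
}

int main(void) {
    printf("5-byte payload, 9 bytes received: status %d\n", scenario_status(5, 9));
    printf("5-byte payload, 7 bytes received: status %d\n", scenario_status(5, 7));
    printf("16 MiB claimed, header only:      status %d\n", scenario_status(MAX_WIRE_PAYLOAD, 4));
    return 0;
}
```

The order of the checks is the point: the bound check runs on the declared length alone, before any memory is requested, so a packet that merely claims 16 MiB is rejected at the cost of reading four bytes.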
Exploit Status: EPSS 0.05% (15th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-35549 is to upgrade MariaDB Server to a fixed release. If an immediate upgrade is not feasible because of compatibility concerns or downtime constraints, consider temporarily disabling the caching_sha2_password authentication plugin by changing the authentication plugin configuration in the MariaDB server settings. Alternatively, apply network-level filtering that limits the size of packets reaching the MariaDB server. After upgrading, confirm the fix on a non-production instance by sending a large packet to the server and verifying that it does not crash.
Update MariaDB Server to version 11.4.10, 11.8.6, or 12.2.2, or later. This corrects the vulnerability that can cause the server to crash when receiving a large packet when the caching_sha2_password plugin is installed and configured for certain user accounts.
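The affected and fixed ranges above are easy to misread when three release series are involved. The following is an added example, not from MariaDB or the advisory's publisher, that encodes those ranges as a single predicate over a version string such as the one returned by SELECT VERSION() (e.g. "11.4.5-MariaDB-log"); the parser, function names and return codes are this example's own choices.

```c
#include <stdio.h>

/* Parsed MariaDB version triple, e.g. "11.4.5-MariaDB-log" -> {11, 4, 5}. */
typedef struct { int major, minor, patch; } mdb_version;

/* Parses the leading "major.minor.patch"; trailing suffixes are ignored. */
int parse_mdb_version(const char *s, mdb_version *v) {
    return s && sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch) == 3;
}

/* Returns <0, 0 or >0 as v is lower than, equal to, or higher than M.m.p. */
int cmp_mdb_version(mdb_version v, int M, int m, int p) {
    if (v.major != M) return v.major < M ? -1 : 1;
    if (v.minor != m) return v.minor < m ? -1 : 1;
    if (v.patch != p) return v.patch < p ? -1 : 1;
    return 0;
}

/* Version ranges as stated in the advisory: affected if earlier than 11.4.10,
   11.5.x through 11.8.x earlier than 11.8.6, or 12.x earlier than 12.2.2.
   Returns 1 (affected range), 0 (fixed range) or -1 (unparseable). A result of
   1 is only exploitable when the caching_sha2_password plugin is enabled, which
   this check cannot see; confirm that separately on the server. */
int cve_2026_35549_version_affected(const char *version_string) {
    mdb_version v;
    if (!parse_mdb_version(version_string, &v)) return -1;
    if (cmp_mdb_version(v, 11, 4, 10) < 0) return 1;   /* anything before 11.4.10 */
    if (cmp_mdb_version(v, 11, 5, 0) < 0) return 0;    /* 11.4.10 and later 11.4.x */
    if (cmp_mdb_version(v, 11, 8, 6) < 0) return 1;    /* 11.5.x .. 11.8.5 */
    if (cmp_mdb_version(v, 12, 0, 0) < 0) return 0;    /* 11.8.6 and later 11.x */
    if (cmp_mdb_version(v, 12, 2, 2) < 0) return 1;    /* 12.0.0 .. 12.2.1 */
    return 0;                                          /* 12.2.2 and later */
}

int main(int argc, char **argv) {
    /* Constructed sample strings used when no arguments are given. */
    const char *samples[] = { "11.4.9-MariaDB", "11.4.10", "11.8.5-MariaDB-log",
                              "11.8.6", "12.1.0", "12.2.2", "not-a-version" };
    int n = argc > 1 ? argc - 1 : (int)(sizeof samples / sizeof samples[0]);
    for (int i = 0; i < n; i++) {
        const char *s = argc > 1 ? argv[i + 1] : samples[i];
        int r = cve_2026_35549_version_affected(s);
        printf("%-22s %s\n", s, r == 1 ? "affected range" : r == 0 ? "fixed range" : "unparseable");
    }
    return 0;
}
```

To decide whether a given server is actually exposed, pair the version result with a check that the plugin is in use, for example by inspecting the output of SHOW PLUGINS and the plugin column of the user accounts on that server.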
CVE-2026-35549 is a medium-severity DoS vulnerability affecting MariaDB Server versions prior to 12.2.2 (and the 11.4.x and 11.8.x series before 11.4.10 and 11.8.6). A large packet can crash the server when the caching_sha2_password authentication plugin is in use.
You are affected if you are running a MariaDB Server version before the fixed release for your series and have the caching_sha2_password authentication plugin enabled.
Upgrade to MariaDB Server 11.4.10, 11.8.6 or 12.2.2, or later. As a temporary workaround, disable the caching_sha2_password authentication plugin.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests potential for future exploitation.
Refer to the official MariaDB security advisory for CVE-2026-35549 on the MariaDB website (https://mariadb.com/security).