MariaDB Server Audit Plugin Comment Handling Bypass

AWS ยท 2026-06-05

Actions

Rate this issue

Technical Details

Affected Versions 10.6.24 and prior, 10.11.15 and prior, 11.4.9 and prior, 11.8.5 and prior, 2.12.5 and prior, 3.01.0 to 3.04.5, 3.05.1 to 3.10.2, 3.11.0, 5.7.44-RDS.20251212 and prior, 8.0.11 to 8.0.44, 8.4.3 to 8.4.7
Regions all
CVE IDs CVE-2026-3494
Migration Required Yes
Cost Impact Neutral
IaC Impact High

What This Means

For DevOps Teams

Update Amazon Aurora MySQL, Amazon RDS for MySQL, and Amazon RDS for MariaDB to the specified versions to address the CVE-2026-3494 vulnerability and ensure proper logging of SQL statements.

For Platform Teams

Deploy the updated database engine versions to integrate the security fixes and maintain the reliability and security of the database audit logging functionality.

For Executives

Implement the latest database engine versions to mitigate the identified security vulnerability and ensure the integrity of audit logs, thereby reducing risk exposure and maintaining compliance.

Source

View original AWS announcement โ†’

Weekly AWS Digest in Your Inbox

No spam, no headlines. Just a weekly summary of the 3โ€“7 AWS changes that matter for DevOps and Platform teams.

๐Ÿ“ง Exactly 1 email per week โ€ข Every Tuesday โ€ข Unsubscribe anytime

Today: AWS only. Coming next: Azure and other major clouds.