Cyber Resilience

CVE-2026-32710

High

Published: 20 March 2026

Published
20 March 2026
Modified
31 March 2026
KEV Added
Patch
CVSS Score v3.1 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0086 53.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32710 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Mariadb Mariadb. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 46.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32710 is a heap-based buffer overflow vulnerability (CWE-122) in the JSON_SCHEMA_VALID() function of MariaDB server, a community-developed fork of MySQL server. It affects MariaDB versions 11.4 prior to 11.4.10 and 11.8 prior to 11.8.6. An authenticated user can trigger the issue, leading to a server crash. The vulnerability carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting high impact potential despite elevated attack complexity.

An attacker with low-privilege authenticated access over the network can exploit this vulnerability by invoking the flawed JSON_SCHEMA_VALID() function, causing a denial-of-service via server crash. Under specific conditions requiring precise control over memory layout—typically feasible only in controlled lab environments—the crash could potentially escalate to remote code execution, granting high confidentiality, integrity, and availability impacts with a scope change.

MariaDB has addressed the issue in versions 11.4.10, 11.8.6, and 12.2.2. Official advisories, including the GitHub Security Advisory at https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc and the Jira ticket at https://jira.mariadb.org/browse/MDEV-38356, recommend upgrading to these patched releases as the primary mitigation.

EU & UK References

Vulnerability details

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the…

more

crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Authenticated remote exploitation of heap buffer overflow in MariaDB server enables DoS via crash (T1499.004), potential RCE for privilege escalation (T1068), via remote service exploitation (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-62456Shared CWE-122
CVE-2025-58077Shared CWE-122
CVE-2025-62404Shared CWE-122
CVE-2025-58455Shared CWE-122
CVE-2025-62405Shared CWE-122
CVE-2025-59487Shared CWE-122
CVE-2026-23750Shared CWE-122
CVE-2025-59482Shared CWE-122
CVE-2026-35512Shared CWE-122
CVE-2025-54878Shared CWE-122

Affected Assets

mariadb
mariadb
12.1.2 · 11.4.1 — 11.4.10 · 11.8.1 — 11.8.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of known flaws like this heap buffer overflow via vendor patches such as MariaDB 11.4.10, 11.8.6, or 12.2.2.

prevent

Implements memory safeguards like ASLR and stack canaries to protect against heap-based buffer overflow exploitation leading to crashes or potential RCE.

prevent

Requires validation of inputs to functions like JSON_SCHEMA_VALID to block malformed data that triggers the buffer overflow.

References