MariaDB 10.6.27 Release Notes

MariaDB 10.6.27 is a Stable (GA) release of MariaDB Community Server 10.6, released on 2026-05-27.


Alternate download from mariadb.org

Release date: 27 May 2026

Notable Items

MariaDB Cluster (Galera)

  • A parameter-injection gap existed in wsrep_sst_rsync: it failed to validate the joiner-supplied WSREP_SST_OPT_REMOTE_USER and WSREP_SST_OPT_REMOTE_PSWD values before interpolating them into the donor-written stunnel.conf and the rsync magic file (MDEV-39648).

  • An appropriately privileged user (with SUPER privileges) could execute shell commands as the uid of the mariadbd process, because the values of the system variables wsrep_sst_donor and wsrep_sst_receive_address, which can be modified at runtime, were not properly sanitized when used to construct a shell command (MDEV-39676).

  • The wsrep_notify_cmd functionality was susceptible to a parameter-injection vulnerability: it failed to validate the peer-supplied wsrep_node_name and wsrep_node_incoming_address values before interpolating them into the notification command line (MDEV-39721).

  • Galera updated to 26.4.27
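
The three Galera fixes above share one pattern: a value supplied by a peer or set at runtime is interpolated into a generated config file or a command line without validation. The following is an added illustration of the defensive checks, not MariaDB's patch or code from the SST scripts; the allowlist policy, the address form, the config key name and the notify interface are all assumptions.

```shell
#!/bin/sh
# Added illustration (not MariaDB's patch): allowlist checks for peer-supplied
# values before they reach a generated config file or a command line.
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges byte-exact

# Assumed policy: 1-64 characters from [A-Za-z0-9._-]. Anything else,
# including whitespace, newlines, quotes and shell metacharacters, is rejected.
is_safe_token() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Assumed address form: host or host:port, port 1-65535, no IPv6 literals.
is_safe_address() {
    host=${1%:*}; port=${1##*:}
    is_safe_token "$host" || return 1
    [ "$host" = "$1" ] && return 0          # no colon, host only
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Emit one "key = value" line (hypothetical key name) only if the value passes;
# a value with an embedded newline could otherwise add its own config lines.
conf_line() {
    is_safe_token "$2" || { echo "rejected value for $1" >&2; return 1; }
    printf '%s = %s\n' "$1" "$2"
}

# Run a notification command (hypothetical interface) with each value as its
# own quoted argument: no eval, no sh -c, no string concatenation.
notify() {
    cmd=$1 name=$2 addr=$3
    is_safe_token "$name" && is_safe_address "$addr" || return 1
    "$cmd" --name "$name" --address "$addr"
}

# Constructed sample values, not taken from a real cluster.
for v in 'node-1' 'db_01.example' 'node 1' 'a;b'; do
    if is_safe_token "$v"; then echo "accept: $v"; else echo "reject: $v"; fi
done
```

Validation and quoting are complementary: the allowlist keeps hostile bytes out of generated files, and passing each value as a separate quoted argument keeps the shell from re-parsing it.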

Security

Fixes for the following security vulnerabilities

CVE ID (with cve.org link)
CVSS base score (v3.1)

Changelog

For a complete list of changes made in MariaDB 10.6.27, with links to detailed information on each push, see the changelog.


Be notified of new MariaDB Server releases automatically by subscribing to the MariaDB Foundation community announce 'at' lists.mariadb.org announcement list (this is a low-traffic, announce-only list). MariaDB plc customers will be notified of all new releases, security issues and critical bug fixes for all MariaDB plc products thanks to the Notification Services.

MariaDB may already be included in your favorite OS distribution. More information can be found on the Distributions which Include MariaDB page.

This page is licensed: CC BY-SA / Gnu FDL
