Webinar | MariaDB AI RAG: Replacing Complex Pipeline Tooling with One REST API
Watch Now
Ctrlk
Download MariaDBContact Us
Edit

Release Notes for MariaDB Enterprise Server 10.6.25-22

MariaDB Enterprise Server 10.6.25-22 is a Stable (GA) maintenance release of MariaDB Enterprise Server 10.6, released on 2026-06-02

Download Overview of Enterprise Server 10.6

Release date: 2 Jun 2026

MariaDB 10.6.25-22, a Stable (GA) release of MariaDB Enterprise Server 10.6 released on 2026-06-02, is a corrective release that includes fixes for high-rated security vulnerabilities reported for MariaDB Enterprise Cluster (Galera), as defined in our engineering policy.

See what's new in MariaDB Enterprise Server 10.6

Fixed Security Vulnerabilities

CVE ID (with cve.org link)
CVSS base score (v3.1)

CVE-2026-49261

10.0

CVE-2026-48165

8.0

CVE-2026-48163

8.0

CVE-2026-44168

8.0

Full list of Fixed Security Vulnerabilities in MariaDB Enterprise Server

Notable Items

Can result in unexpected behaviour

  • A parameter-injection gap existed in wsrep_sst_rsync because it failed to validate the joiner-supplied WSREP_SST_OPT_REMOTE_USER and WSREP_SST_OPT_REMOTE_PSWD values before interpolating them into the donor-written stunnel.conf and the rsync magic file MENT-2659

  • An appropriately privileged user (with SUPER privileges) could execute shell commands as the uid of the mariadbd process because the values of the system variables wsrep_sst_donor and wsrep_sst_receive_address, which can be modified at runtime, were not properly sanitized when used to construct a shell command MENT-2660

  • The wsrep_notify_cmd functionality was susceptible to a parameter-injection vulnerability, as it failed to validate the peer-supplied wsrep_node_name and wsrep_node_incoming_address values before interpolating them into the notification command line MENT-2661

  • The wsrep_sst_mariabackup script on donor nodes incorrectly trusted and processed command-line parameters sent by the joiner node without proper input verification MENT-2673

Platforms

In alignment to the enterprise lifecycle, MariaDB Enterprise Server 10.6.25-22 is provided for:

  • AlmaLinux 8 (x86_64, ARM64)

  • AlmaLinux 9 (x86_64, ARM64)

  • Debian 11 (x86_64, ARM64)

  • Debian 12 (x86_64, ARM64)

  • Oracle Linux 8 (x86_64, ARM64)

  • Oracle Linux 9 (x86_64, ARM64)

  • Red Hat Enterprise Linux 8 (x86_64, ARM64)

  • Red Hat Enterprise Linux 9 (x86_64, ARM64, PPC64LE)

  • Rocky Linux 8 (x86_64, ARM64)

  • Rocky Linux 9 (x86_64, ARM64)

  • SUSE Linux Enterprise Server 12 (x86_64)

  • SUSE Linux Enterprise Server 15 (x86_64, ARM64)

  • Ubuntu 22.04 (x86_64, ARM64)

  • Ubuntu 24.04 (x86_64, ARM64)

  • Microsoft Windows (x86_64) (Without MariaDB Enterprise Cluster (Galera) support)

  • Red Hat UBI 8 (x86_64, ARM64)

    • Red Hat UBI 8 is part of the Enterprise Server Docker Image. It does not support MariaDB Enterprise Cluster (Galera) or MariaDB ColumnStore.

Some components of MariaDB Enterprise Server are supported on a subset of platforms. See MariaDB Engineering Policies for details.

Installation Instructions

Upgrade Instructions

This page is: Copyright © 2025 MariaDB. All rights reserved.

spinner
PreviousWhat's New in MariaDB Enterprise Server 10.6?NextRelease Notes for MariaDB Enterprise Server 10.6.25-21

Last updated

Was this helpful?