CVE-2026-44169

Vulnerability

In MariaDB server, a privilege check bypass exists in the handling of stored routine definitions. When a user is granted EXECUTE privilege on a stored routine via a role, they can view the routine's definition using SHOW CREATE PROCEDURE or SHOW CREATE FUNCTION even without the SHOW CREATE ROUTINE privilege [1][2]. This affects versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1 [2].

Exploitation

An attacker needs only a valid database account with the ability to be granted a role that has EXECUTE privilege on a stored routine. The attacker can then connect to the server, set the role, and execute SHOW CREATE PROCEDURE <routine_name> to retrieve the routine's source code [1]. No additional privileges are required.

Impact

The attacker gains unauthorized access to the stored routine's definition, which may contain sensitive business logic, credentials, or proprietary algorithms. This is a confidentiality breach, as the routine definition is normally protected by the SHOW CREATE ROUTINE privilege [2].

Mitigation

The issue has been patched in MariaDB versions 11.4.11, 11.8.7, and 12.3.2 [2]. Users should upgrade to these versions or later. As a workaround, administrators can avoid granting EXECUTE privilege via roles to untrusted users, or revoke the role from users who should not see routine definitions.