Security
MariaDB Patches CVSS 10.0 RCE Flaw in Galera Cluster Replication Component
MariaDB has issued fixes for CVE-2026-49261, a CVSS 10.0 remote code execution vulnerability in the wsrep_notify_cmd feature used by Galera Cluster. Two additional CVSS 8.0 parameter-injection flaws were patched in the same May 27 release. Standalone MariaDB deployments are unaffected.