CVE-2026-32710: CWE-122: Heap-based Buffer Overflow in MariaDB server
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in the JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
AI Analysis
Technical Summary
CVE-2026-32710 is a heap-based buffer overflow (CWE-122) in MariaDB server, a widely used open-source relational database and community fork of MySQL. The flaw is in the built-in JSON_SCHEMA_VALID() function, which validates a JSON document against a JSON Schema. An authenticated user can trigger it by passing crafted input to the function, overflowing a heap buffer inside the mysqld process and crashing the server. The direct impact is denial of service, but because the corruption is on the heap the advisory notes that it could in principle be turned into remote code execution; doing so requires tight control over the server's memory layout, which is generally only attainable in a lab setting, so exploitation beyond a crash is considered difficult in practice. The CNA text names MariaDB 11.4 before 11.4.10 and 11.8 before 11.8.6 as affected. The CVE record's version ranges are listed as 11.4.1 up to but not including 11.4.10, 11.8.1 up to but not including 11.8.6, and 12.1.2 up to but not including 12.2.2; since a fix also shipped in 12.2.2, the 12.x line should be treated as affected until confirmed otherwise. The record carries a CVSS v3.1 base score of 8.6 (High); this analysis summarizes the vector as network attack vector, high attack complexity, low privileges required, no user interaction, changed scope, and high confidentiality, integrity and availability impact. Note that exactly those metrics compute to 8.5 under the CVSS v3.1 formula, so verify the vector string against the CVE record before reusing it. The issue is fixed in MariaDB 11.4.10, 11.8.6 and 12.2.2. No exploitation in the wild has been reported to date, but the combination of a low privilege bar and a heap corruption primitive warrants prompt patching.
Potential Impact
The vulnerability is a risk to any organization running an affected MariaDB release that accepts connections from users it does not fully trust, including application service accounts whose credentials could be stolen. The reliable outcome is denial of service: a single crafted query crashes mysqld, which drops every open connection on that instance and takes dependent applications down until the process restarts (a supervisor that restarts it automatically can hide a repeated crash loop). The harder outcome is code execution with the privileges of the database server process, which would expose every database the instance holds and provide a foothold for lateral movement; the advisory rates this as requiring memory-layout control that is generally only attainable in a lab. Sectors that run transactional or analytical workloads on MariaDB, such as finance, e-commerce, healthcare and government, face the greatest exposure. The authentication requirement narrows the attacker population but is a low bar: JSON_SCHEMA_VALID() is a built-in function, so any account that can open a connection can evaluate it in a bare SELECT without holding privileges on any database or table.
Mitigation Recommendations
Upgrade affected MariaDB instances to 11.4.10, 11.8.6, or 12.2.2 or later, and confirm each instance with SELECT VERSION() rather than trusting package names. Where patching must wait, reduce who can reach the server: bind it to internal interfaces, segment database networks, and restrict accounts by source host. Because JSON_SCHEMA_VALID() is built in and cannot be disabled or revoked per account, privilege audits help only by shrinking the set of accounts that can connect at all, so remove stale and shared logins and rotate application credentials that may have leaked. Log query text with the MariaDB Audit Plugin (server_audit) or, for short periods, the general query log, and alert on JSON_SCHEMA_VALID( in query text, particularly repeated calls from one account or calls immediately preceding a crash; treat a "got signal 11" crash report in the error log or unexplained mysqld restarts as a possible exploitation attempt and preserve the error log and any core file for analysis. Database activity monitoring can flag or block such statements inline. Keep tested backups current and have an incident response plan that covers both outage recovery and a possible compromise of the database host.
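As an added example (not code from this page or from the MariaDB project), the script below performs two of the triage steps above offline: it classifies a VERSION() string against the version ranges this page lists, and it scans MariaDB Audit Plugin (server_audit) log lines for JSON_SCHEMA_VALID() calls and counts them per account. The audit-log field order and the sample log lines are assumptions constructed for the example; branches the advisory does not name are reported as unknown rather than safe.

```python
import re
from collections import Counter
from typing import Optional

# First fixed release on each branch named in the advisory text.
FIXED_ON_BRANCH = {
    (11, 4): (11, 4, 10),
    (11, 8): (11, 8, 6),
}
# The CVE record's 12.x range as listed on this page:
# 12.1.2 up to but not including 12.2.2 (half-open interval).
TWELVE_RANGE = ((12, 1, 2), (12, 2, 2))

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string: str) -> tuple[int, int, int]:
    """Extract the numeric prefix of a MariaDB VERSION() string, e.g.
    '11.4.9-MariaDB-log' -> (11, 4, 9). Build suffixes are ignored."""
    m = _VERSION_RE.match(version_string)
    if not m:
        raise ValueError(f"unrecognized MariaDB version string: {version_string!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version_string: str) -> Optional[bool]:
    """True if the version is inside an affected range for CVE-2026-32710,
    False if it is at or past the fix on a named branch, None for branches
    the advisory does not name (treat None as 'verify with the vendor')."""
    v = parse_version(version_string)
    branch = v[:2]
    if branch in FIXED_ON_BRANCH:
        return v < FIXED_ON_BRANCH[branch]
    if v[0] == 12:
        low, high = TWELVE_RANGE
        if v >= high:
            return False
        if v >= low:
            return True
    return None


# Case-insensitive because SQL function names are; matches the call site only.
_CALL_RE = re.compile(r"\bJSON_SCHEMA_VALID\s*\(", re.IGNORECASE)

# Assumed field order for the server_audit plugin's file format:
# timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode
# The quoted 'object' field holds the query text and may itself contain commas.
def parse_audit_line(line: str) -> Optional[dict]:
    parts = line.rstrip("\n").split(",", 8)
    if len(parts) < 9:
        return None
    ts, serverhost, user, host, connid, queryid, op, db, rest = parts
    obj, _, retcode = rest.rpartition(",")
    return {"timestamp": ts, "server": serverhost, "user": user, "host": host,
            "connid": connid, "operation": op, "db": db,
            "query": obj.strip("'"), "retcode": retcode}


def find_json_schema_valid_calls(log_text: str) -> list[dict]:
    """Return parsed QUERY records whose query text calls JSON_SCHEMA_VALID()."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec and rec["operation"] == "QUERY" and _CALL_RE.search(rec["query"]):
            hits.append(rec)
    return hits


def calls_by_user(hits: list[dict]) -> dict[str, int]:
    """Count hits per account so a burst of calls from one login stands out."""
    return dict(Counter(h["user"] for h in hits))


# Constructed sample lines (not real traffic) in the assumed server_audit layout.
SAMPLE_AUDIT_LOG = r"""20260320 18:54:21,db01,app,10.0.0.12,41,1203,QUERY,shop,'SELECT id, name FROM products WHERE id = 7',0
20260320 18:54:22,db01,report,10.0.0.77,42,1204,QUERY,shop,'SELECT JSON_SCHEMA_VALID(\'{"type":"object"}\', payload) FROM events',0
20260320 18:54:23,db01,report,10.0.0.77,42,1205,QUERY,shop,'select json_schema_valid(@s, @d)',0
20260320 18:54:24,db01,app,10.0.0.12,41,1206,QUERY,shop,'UPDATE products SET stock = stock - 1 WHERE id = 7',0
"""

if __name__ == "__main__":
    for v in ("11.4.9-MariaDB-log", "11.8.6-MariaDB", "12.1.5-MariaDB", "11.6.2-MariaDB"):
        print(f"{v}: affected={is_affected(v)}")
    hits = find_json_schema_valid_calls(SAMPLE_AUDIT_LOG)
    for h in hits:
        print(f"{h['timestamp']} {h['user']}@{h['host']} conn={h['connid']}: {h['query']}")
    print("calls per user:", calls_by_user(hits))
```

Feed real server_audit output to find_json_schema_valid_calls() and page on any account whose count climbs quickly, or whose last call lands just before a crash report in the error log; a bare SELECT against the function needs no table privileges, so the username alone is the useful pivot.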
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, India, Canada, Australia, Brazil, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-13T14:33:42.824Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69bd97dde32a4fbe5fbf1b00
Added to database: 3/20/2026, 6:54:21 PM
Last enriched: 3/27/2026, 10:15:56 PM
Last updated: 5/4/2026, 6:43:33 PM