AISLE Finds 8 CVE Across MySQL, MariaDB, and PostgreSQL
Author
AISLE Research TeamDate Published

A large portion of the companies you interact with every day trust MySQL, MariaDB, or PostgreSQL with sensitive data. They run whenever you log into a medical portal, access financial records, or watch a YouTube video, which is one reason why the average cost of a data breach in the US is over $10 million.
As part of our mission of safeguarding the software that powers modern civilization, we used our autonomous analyzer to detect vulnerabilities in these three critical databases and found 8 CVEs. These findings underscore the importance of AI-native vulnerability detection for the continued defense of both personal data and intellectual property.
All eight findings were responsibly disclosed to the relevant maintainers, and have since been fixed. We strongly recommend updating to the latest releases of your database software if you have not done so already.
What AISLE Found
The findings cover denial of service, broken authorization, argument injection, SQL injection, and memory corruption. In each case, database code accepts some outside or semi-trusted value, then carries it into a much more sensitive internal path.
For instance, CVE-2026-6638 is an SQL injection vulnerability, but it doesn’t follow the usual application query path. Instead, during ALTER SUBSCRIPTION ... REFRESH PUBLICATION, a crafted table name could be interpolated into SQL that then runs on the publisher.
More broadly, these eight bugs live at the edges:
- where a replication message becomes cluster state
- where an authentication packet becomes a stack allocation
- where a role becomes an access-control decision
- where a URL becomes a command line
- where a table name becomes SQL
- where an integer becomes a buffer size
In other words, they are not just database bugs. Rather, they are bugs in the machinery that databases use to stay available, enforce permissions, coordinate state, and protect their own memory.
These issues are precisely the sort of edge cases that AI-native analysis excels at. Because vulnerabilities are reached through things as unassuming as a replication control flow, they might receive less human scrutiny. Yet a model-agnostic security system isn’t constrained by time and attention in the same way that human teams are. By matching compute power to security need, it can inspect every path without exploding costs.
See What AI Finds In Your Code
AISLE has discovered more CVEs than any other AI security product. Want to see what it finds in your code? AISLE Snapshot is a one-time code audit from the same engine that found these database CVEs, delivered in the environment of your choosing, from air-gapped networks to the cloud.
Our sincere thanks go to the maintainers of MySQL, MariaDB, and PostgreSQL for their collaboration. These findings were discovered by Pavel Kohout using AISLE.
Appendix
Finding | Project | Area | What happened |
|---|---|---|---|
MySQL | Group Replication | A malformed Group Replication message could crash a server in the replication group. | |
MySQL | Group Replication | A malformed state-exchange message could cause a hang or repeatable crash. | |
MySQL | Group Replication | A bad replication message could trigger a denial of service in the Group Replication plugin. | |
MariaDB | Authentication | A large authentication packet could reach stack allocations in | |
MariaDB | Routine privileges | A role-based privilege check could expose stored routine definitions to a user who should not receive them. | |
MariaDB | CONNECT storage engine | On Windows, an unsanitized REST URL could inject additional curl command-line arguments. | |
PostgreSQL | Server memory allocation | Integer wraparound could undersize an allocation and lead to an out-of-bounds write. | |
PostgreSQL | Logical replication |
|