AISLE Finds 8 CVE Across MySQL, MariaDB, and PostgreSQL

Date Published

a stylized representation of databases

A large portion of the companies you interact with every day trust MySQL, MariaDB, or PostgreSQL with sensitive data. They run whenever you log into a medical portal, access financial records, or watch a YouTube video, which is one reason why the average cost of a data breach in the US is over $10 million.

As part of our mission of safeguarding the software that powers modern civilization, we used our autonomous analyzer to detect vulnerabilities in these three critical databases and found 8 CVEs. These findings underscore the importance of AI-native vulnerability detection for the continued defense of both personal data and intellectual property.

All eight findings were responsibly disclosed to the relevant maintainers, and have since been fixed. We strongly recommend updating to the latest releases of your database software if you have not done so already.

What AISLE Found

The findings cover denial of service, broken authorization, argument injection, SQL injection, and memory corruption. In each case, database code accepts some outside or semi-trusted value, then carries it into a much more sensitive internal path.

For instance, CVE-2026-6638 is an SQL injection vulnerability, but it doesn’t follow the usual application query path. Instead, during ALTER SUBSCRIPTION ... REFRESH PUBLICATION, a crafted table name could be interpolated into SQL that then runs on the publisher.

More broadly, these eight bugs live at the edges:

  • where a replication message becomes cluster state
  • where an authentication packet becomes a stack allocation
  • where a role becomes an access-control decision
  • where a URL becomes a command line
  • where a table name becomes SQL
  • where an integer becomes a buffer size

In other words, they are not just database bugs. Rather, they are bugs in the machinery that databases use to stay available, enforce permissions, coordinate state, and protect their own memory.

These issues are precisely the sort of edge cases that AI-native analysis excels at. Because vulnerabilities are reached through things as unassuming as a replication control flow, they might receive less human scrutiny. Yet a model-agnostic security system isn’t constrained by time and attention in the same way that human teams are. By matching compute power to security need, it can inspect every path without exploding costs.

See What AI Finds In Your Code

AISLE has discovered more CVEs than any other AI security product. Want to see what it finds in your code? AISLE Snapshot is a one-time code audit from the same engine that found these database CVEs, delivered in the environment of your choosing, from air-gapped networks to the cloud.

Get your Snapshot

Our sincere thanks go to the maintainers of MySQL, MariaDB, and PostgreSQL for their collaboration. These findings were discovered by Pavel Kohout using AISLE.

Appendix

Finding

Project

Area

What happened

CVE-2026-34270

MySQL

Group Replication

A malformed Group Replication message could crash a server in the replication group.

CVE-2026-34271

MySQL

Group Replication

A malformed state-exchange message could cause a hang or repeatable crash.

CVE-2026-34276

MySQL

Group Replication

A bad replication message could trigger a denial of service in the Group Replication plugin.

CVE-2026-35549

MariaDB

Authentication

A large authentication packet could reach stack allocations in sha256_crypt_r() and crash the server.

CVE-2026-44169

MariaDB

Routine privileges

A role-based privilege check could expose stored routine definitions to a user who should not receive them.

CVE-2026-44170

MariaDB

CONNECT storage engine

On Windows, an unsanitized REST URL could inject additional curl command-line arguments.

CVE-2026-6473

PostgreSQL

Server memory allocation

Integer wraparound could undersize an allocation and lead to an out-of-bounds write.

CVE-2026-6638

PostgreSQL

Logical replication

ALTER SUBSCRIPTION ... REFRESH PUBLICATION could allow SQL injection through a crafted table name.