MariaDB Server and Amazon RDS/Aurora Audit Logging Vulnerability Bypass

Vulnerability

A vulnerability exists in MariaDB server versions prior to 11.8.5, as well as in Amazon RDS for MySQL, Amazon RDS for MariaDB, and Amazon Aurora MySQL, under certain conditions. When the server audit plugin is active and configured to filter QUERY_DCL, QUERY_DDL, or QUERY_DML events, SQL statements that begin with a double-hyphen (--) or hash (#) comment are not recorded in the audit log. This issue could lead to a lack of accountability for database actions, as certain user-initiated commands would go unlogged and potentially unnoticed.

Impact

Exploitation of this vulnerability causes SQL statements to be omitted from the audit log, creating a gap in accountability for database actions.

Remediation

Users can upgrade to MariaDB server versions 10.6.25, 10.11.16, 11.4.10, or 11.8.6. For Amazon RDS for MySQL, versions 5.7.44-RDS.20260212, 8.0.45, and 8.4.8 are available. Amazon RDS for MariaDB users should upgrade to versions 10.6.25, 10.11.16, 11.4.10, or 11.8.6. For Amazon Aurora MySQL, the recommended versions are 2.12.6, 3.04.6, 3.10.3, and 3.11.1.
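As an added example (not part of the advisory and not vendor code), the following Python helper turns the two conditions above into an inventory check a defender can run against a fleet: whether a server's version is at or past the fixed release listed for its branch, and whether its audit plugin is configured with one of the QUERY_DCL, QUERY_DDL or QUERY_DML filters that trigger the omission. The product keys, the result strings and the version-suffix handling (treating the trailing digits of a suffix such as "-RDS.20260212" as a build date) are assumptions made here; the fixed version numbers are taken from the remediation list. The audit filter string is assumed to be the comma-separated value of the MariaDB server_audit plugin's server_audit_events setting, where an empty value means no event filtering.

```python
import re
from typing import Optional, Tuple

# Fixed releases exactly as listed in the advisory's remediation section.
FIXED_VERSIONS = {
    "mariadb": ["10.6.25", "10.11.16", "11.4.10", "11.8.6"],
    "rds-mysql": ["5.7.44-RDS.20260212", "8.0.45", "8.4.8"],
    "rds-mariadb": ["10.6.25", "10.11.16", "11.4.10", "11.8.6"],
    "aurora-mysql": ["2.12.6", "3.04.6", "3.10.3", "3.11.1"],
}

# Event filters under which the advisory says commented statements go unlogged.
AFFECTED_EVENT_FILTERS = {"QUERY_DCL", "QUERY_DDL", "QUERY_DML"}

# Assessment outcomes (labels chosen for this example).
PATCHED = "patched"
EXPOSED = "exposed: unpatched and filtering QUERY_* events"
UNPATCHED_UNFILTERED = "unpatched: no QUERY_* filter configured"
UNKNOWN_BRANCH = "unknown: advisory lists no fixed release for this branch"

VersionKey = Tuple[Tuple[int, ...], int]


def parse_version(version: str) -> VersionKey:
    """Split e.g. '5.7.44-RDS.20260212' into ((5, 7, 44), 20260212).

    The numeric part orders normally; trailing digits of any '-suffix' are
    used as a secondary key so a dated RDS build sorts after the bare
    upstream number (assumption: the suffix digits are monotonic). A suffix
    without digits, such as '-MariaDB-log', contributes 0.
    """
    base, _, suffix = version.partition("-")
    numbers = tuple(int(part) for part in base.split("."))
    match = re.search(r"(\d+)$", suffix)
    return numbers, int(match.group(1)) if match else 0


def fixed_version_for(product: str, version: str) -> Optional[str]:
    """Return the fixed release on the same major.minor branch, or None."""
    branch = parse_version(version)[0][:2]
    for fixed in FIXED_VERSIONS[product]:
        if parse_version(fixed)[0][:2] == branch:
            return fixed
    return None


def version_is_fixed(product: str, version: str) -> Optional[bool]:
    """True/False when the branch has a listed fix, None when it does not."""
    fixed = fixed_version_for(product, version)
    if fixed is None:
        return None
    return parse_version(version) >= parse_version(fixed)


def uses_affected_filter(server_audit_events: str) -> bool:
    """True if the comma-separated event list includes a QUERY_DCL/DDL/DML filter."""
    events = {e.strip().upper() for e in server_audit_events.split(",") if e.strip()}
    return bool(events & AFFECTED_EVENT_FILTERS)


def assess(product: str, version: str, server_audit_events: str = "") -> str:
    """Combine the version check and the filter check into one verdict."""
    fixed_state = version_is_fixed(product, version)
    if fixed_state is True:
        return PATCHED
    if fixed_state is None:
        return UNKNOWN_BRANCH
    return EXPOSED if uses_affected_filter(server_audit_events) else UNPATCHED_UNFILTERED


if __name__ == "__main__":
    # Constructed sample inventory: (product, reported version, audit filter setting).
    inventory = [
        ("mariadb", "10.6.24-MariaDB-log", "CONNECT,QUERY_DDL,QUERY_DML"),
        ("rds-mysql", "5.7.44", "QUERY_DML"),
        ("rds-mysql", "5.7.44-RDS.20260212", "QUERY_DML"),
        ("aurora-mysql", "3.04.5", "QUERY_DDL"),
        ("mariadb", "10.5.30", "QUERY_DDL"),
        ("mariadb", "10.11.15", "CONNECT"),
    ]
    for product, version, events in inventory:
        print(f"{product:13} {version:22} {assess(product, version, events)}")
```

An "unpatched but unfiltered" result is not a green light: the advisory's fix is an upgrade, and the filter check only tells you whether the omission is currently reachable on that instance. Servers on a branch the advisory does not list should be checked against the vendor's own release notes rather than assumed safe.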

Added: Mar 3, 2026, 8:19 PM
Updated: Mar 3, 2026, 10:02 PM

Vulnerability Rating

Custom Algorithm
spread:         7.3
impact:         0.6
exploitability: 5.2
remediation:    7.7
relevance:      3.4
threat:         0.0
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.