Product

MariaDB

2 briefs RSS

eduMFA Token Reusage Vulnerability due to Incorrect InnoDB Snapshot Isolation

eduMFA versions prior to 2.9.1 are vulnerable to token reusage due to incorrect InnoDB snapshot isolation in MySQL and MariaDB versions prior to 11.6.2 (or newer with innodb_snapshot_isolation=off), affecting token types such as TOTP, HOTP, and likely WebAuthN, where tokens are intended for single use, requiring racing the transaction for exploitation.

MariaDB +1 vulnerability mfa token reusage

2r May 18, 2026

high advisory

MariaDB Vulnerability Allows Denial of Service and Potential Code Execution

2 rules 2 TTPs

A remote, authenticated attacker can exploit a vulnerability in MariaDB to perform a denial of service attack and potentially execute arbitrary program code.

MariaDB denial-of-service code-execution

2r 2t May 4, 2026