What is CVE-2021-46661?

CVE-2021-46661 affects MariaDB versions up to 10.5.9, allowing an application crash via an unused common table expression. Immediate action is recommended to mitigate impact.

What is the severity of CVE-2021-46661?

CVE-2021-46661 has a severity rating of MEDIUM with a CVSS base score of 5.5.

CVE-2021-46661 | Medium Vulnerability in MariaDB

CVE-2021-46661 is a vulnerability affecting MariaDB versions through 10.5.9. This vulnerability allows an application crash in the functions find_field_in_tables and find_order_in_list due to an unused common table expression (CTE). With a CVSS score of 5.5, classified as medium severity, this vulnerability poses a risk that organizations must not overlook.

The potential risk to organizations includes system downtime and disruption of services, which can affect critical operations. As this vulnerability is categorized under medium severity, it should be addressed in the priority patch cycle to prevent service interruptions.

No known exploits have been confirmed for this vulnerability, but the implications of an application crash can lead to significant operational challenges. Therefore, organizations using affected versions of MariaDB should prioritize remediation.

The urgency for defenders is clear: organizations must address this vulnerability swiftly to maintain operational integrity and prevent any disruptions caused by potential crashes.

Vulnerability Details

The official description of CVE-2021-46661 states that it allows an application crash in MariaDB through 10.5.9 via unused common table expressions. The vulnerability is classified as a medium severity issue with a CVSS score of 5.5, indicating a moderate level of risk. Affected products include MariaDB and Fedora, with publication dates in February 2022.

Technical Analysis

The root cause of this vulnerability stems from the handling of common table expressions in the MariaDB codebase. An unused CTE can trigger a crash in the application when the specific functions find_field_in_tables and find_order_in_list are executed.

The attack vector is local, meaning that an attacker would need local access to the database to exploit this vulnerability. The complexity of the attack is low, requiring minimal skill to execute. Privileges required are also low, as attackers need only basic access to the affected system.

No user interaction is required to exploit this vulnerability, making it even more critical. The availability impact is high, resulting in potential downtime for services relying on the affected MariaDB instance.

Risk & Impact Analysis

The real-world deployment risk of CVE-2021-46661 is significant. Organizations utilizing affected versions of MariaDB may face application crashes, leading to downtime and disruption of services. The blast radius potential includes all systems relying on the database, making this a critical issue.

The urgency assessment based on the CVSS score indicates that organizations should address this vulnerability in their patch cycle. Taking swift action can mitigate the risk of application crashes and maintain operational integrity.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects the following versions of MariaDB: versions from 10.2.0 to 10.2.42, 10.3.0 to 10.3.34, 10.4.0 to 10.4.24, 10.5.0 to 10.5.14, 10.6.0 to 10.6.6, and 10.7.0 to 10.7.2. Organizations should ensure they upgrade to the latest patched versions to mitigate risk.

Mitigation & Remediation

Organizations should prioritize applying available patches for MariaDB to mitigate this vulnerability. It is recommended to upgrade to the latest stable version to ensure all security issues are addressed. Additionally, organizations should review their configurations and implement best practices for database security.

For more information on securing your MariaDB installation, organizations may consider consulting resources on application security assessments.

Detection Guidance

Monitoring for abnormal application behavior, reviewing logs for crash reports, and ensuring all database connections are authenticated are key practices. Additionally, organizations should observe any patterns that deviate from normal operational behavior to detect potential exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2021-46661 is underscored by the prevalence of database vulnerabilities in modern applications. This incident highlights the importance of rigorous testing and validation of application code, especially in database interactions.

Security teams are encouraged to conduct regular reviews of database configurations and to ensure they are following best practices. For additional guidance, organizations can explore penetration testing methodologies and keep abreast of emerging threats in the database security landscape.

Remaining vigilant and proactive in the face of vulnerabilities like CVE-2021-46661 will aid organizations in fortifying their defenses against potential exploitation.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-46661: Medium Vulnerability in MariaDB