cve 2026 3494

CVE-2026-3494 is a vulnerability in MariaDB's audit subsystem that allows authenticated users to bypass audit logging by using SQL comment markers in their queries. When certain query-filtering options are enabled, the server audit plugin may fail to record these statements, leaving gaps in audit logs. This issue affects MariaDB deployments where audit logging is relied upon for security monitoring and compliance. The vulnerability has been documented by NVD and AWS security bulletins, and administrators are advised to apply patches or configuration changes to ensure complete audit coverage.