CVE-2026-43752 in FileMaker Serverinfo

Summary

by MITRE • 07/09/2026

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/09/2026

This vulnerability represents a critical privilege escalation flaw that allows authenticated administrators to execute arbitrary code on the underlying host system through a carefully crafted file upload mechanism within the FileMaker Server administrative interface. The issue stems from insufficient input validation and sanitization during the Open Source LLM setup process, which permits malicious file uploads that can subsequently be executed with elevated privileges. The vulnerability exists specifically within the Admin Console's handling of uploaded files for machine learning model deployment, creating a path for attackers who have already gained administrative access to escalate their compromise to full system control.

The technical implementation of this flaw involves improper validation of file types and content during the upload process for Open Source LLM configurations. When administrators upload model files through the setup feature, the system fails to properly verify file extensions, content signatures, or executable attributes, allowing potentially malicious binaries or scripts to be stored on the server. This weakness enables attackers to bypass normal security boundaries that typically protect against arbitrary code execution, as the uploaded files are processed with administrative privileges and may be executed during subsequent operations within the FileMaker Server environment. The vulnerability aligns with CWE-434 which specifically addresses insecure file upload vulnerabilities where systems accept untrusted files without proper validation.

The operational impact of this vulnerability extends beyond simple privilege escalation to potentially enable full system compromise and lateral movement within network environments. Once an attacker successfully uploads a malicious payload, they can execute arbitrary commands with the highest privileges available to the FileMaker Server service account, which typically operates at the system level. This creates opportunities for data exfiltration, persistence mechanisms installation, and further exploitation of other systems within the network infrastructure. The vulnerability also represents a significant risk to organizations that rely on FileMaker Server for critical business operations, as it allows attackers to gain complete control over database servers and potentially access sensitive organizational data.

Organizations should immediately implement mitigations including updating to FileMaker Server 26.0.1 which contains patches addressing this specific vulnerability. Additional defensive measures include implementing network segmentation around FileMaker Server environments, restricting administrative access through principle of least privilege, and deploying file integrity monitoring solutions that can detect unauthorized file uploads. Security teams should also conduct thorough reviews of existing administrative accounts and implement multi-factor authentication for all administrative access points. This vulnerability demonstrates the importance of validating all user-supplied content even within trusted administrative interfaces, as highlighted by ATT&CK technique T1059 which covers execution through command and scripting interpreters, and T1548.002 which addresses privilege escalation through abuse of administrative privileges. Organizations should also consider implementing web application firewalls and content inspection mechanisms to detect and prevent malicious file upload attempts.

Responsible

Apple

Reservation

05/02/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!