CVE-2026-40342 in Firebirdinfo

Zusammenfassung

von MITRE • 17.04.2026

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

11.04.2026

Veröffentlichung

17.04.2026

Moderieren

akzeptiert

Eintrag

VDB-358105

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

9.9 (CNA)

EPSS

0.00148

KEV

nein

Aktivitäten

very low

Sektor

Industry, Police, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40342
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40342
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40342/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!