CRITICAL🇵🇱 Wersja polska

CVE-2026-40342

CVSS 9.9v3.1pub. 2026-04-17upd. 2026-04-27

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

🤖 AI Analysis
How it works

The external engine plugin loader mechanism directly concatenates the user-supplied engine name with the system path, without filtering path separators or path traversal sequences such as '..'. An attacker with CREATE FUNCTION privileges can define a function with a crafted ENGINE name containing path traversal sequences, causing an arbitrary shared library to be loaded from any location in the file system. The initialization code of the loaded library is executed immediately upon loading, before Firebird performs any module validation, resulting in immediate code execution as the server system account.

Impact

An attacker can gain full control over the database server by executing arbitrary code in the context of the Firebird process system account, leading to breach of confidentiality, integrity and availability of data as well as potentially the entire host operating system.

Mitigation & patch

Firebird should be updated to version 5.0.4, 4.0.7 or 3.0.14 depending on the product branch in use. Patches are available in the manufacturer's GitHub repositories. Additionally, it is recommended to restrict the granting of CREATE FUNCTION permission exclusively to trusted and necessary users.

Who is affected

Firebird in versions prior to 5.0.4, 4.0.7 and 3.0.14

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Firebirdsql Firebird

    APP
    Firebirdsql
    < 3.0.144.0.0 – 4.0.7 (bez)5.0.0 – 5.0.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2026-28224HIGH8.2ten sam produkt

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...

CVE-2026-27890HIGH8.2ten sam produkt

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...

CVE-2026-28212HIGH7.5ten sam produkt

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and...

CVE-2025-65104HIGH7.9ten sam produkt

Firebird is an open-source relational database management system. In versions FB3 of the client library placed...

CVE-2026-33337HIGH7.5ten sam produkt

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...