4.9
CVE-2026-43752
- EPSS 0.29%
- Veröffentlicht 09.07.2026 17:19:10
- Zuletzt bearbeitet 10.07.2026 14:34:22
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Claris ≫ Filemaker Server Version < 26.0.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.207 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://community.claris.com/en/s/article/Arbitrary-Code-Execution-Vulnerability-Addressed-in-FileMaker-Server-via-Miniforge-Installer-Upload