Skip to main content

FileMaker Server EUVDEUVD-2026-42652

| CVE-2026-43752 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-07-09 product-security@apple.com GHSA-xf6h-j6rm-x673
4.9
CVSS 3.1 · Vendor: apple
Share

Severity by source

Vendor (apple) PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
9.1 CRITICAL

Admin-only access retains PR:H; RCE on host OS from application-level admin constitutes scope change (S:C), with full C/I/A impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (apple).

CVSS VectorVendor: apple

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 09, 2026 - 20:36 vuln.today
CVSS changed
Jul 09, 2026 - 19:22 NVD
4.9 (MEDIUM)
Patch available
Jul 09, 2026 - 19:01 EUVD
CVE Published
Jul 09, 2026 - 18:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.

AnalysisAI

Arbitrary code execution on the host operating system is achievable by an authenticated FileMaker Server administrator via a malicious file upload through the Open Source LLM setup feature - specifically the Miniforge installer upload path - in the Admin Console. All FileMaker Server versions prior to 26.0.1 are affected; the flaw is classified as CWE-434 (unrestricted upload of a dangerous file type) and was reported directly by Apple/Claris product security. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain FileMaker Server admin credentials
Delivery
Access Admin Console over network
Exploit
Navigate to Open Source LLM setup feature
Execution
Upload malicious Miniforge installer binary
Impact
Server executes attacker payload on host OS

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid FileMaker Server administrator account (PR:H per CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS score of 4.9 (Medium) using AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N materially understates impact: a vulnerability enabling arbitrary code execution on the host OS should carry I:H and A:H at minimum, and plausibly S:C representing a scope change from the FileMaker application to the host OS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has acquired FileMaker Server administrator credentials - through phishing, credential stuffing, or insider access - connects to the Admin Console over the network, navigates to the Open Source LLM setup feature, and uploads a crafted Miniforge installer binary in place of a legitimate one. The server processes and executes the malicious file, granting the attacker arbitrary code execution on the host OS with the privileges of the FileMaker Server process. …
Remediation Upgrade to FileMaker Server 26.0.1, which addresses this vulnerability per the Claris vendor advisory at https://community.claris.com/en/s/article/Arbitrary-Code-Execution-Vulnerability-Addressed-in-FileMaker-Server-via-Miniforge-Installer-Upload. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42652 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy