Platform: linux
Component: firebird
Fixed in: 3.0.15, 4.0.1, 5.0.1
CVE-2026-40342 describes a Remote Code Execution (RCE) vulnerability in FirebirdSQL, an open-source relational database management system. It allows an authenticated user holding the CREATE FUNCTION privilege to execute arbitrary code on the server. The issue affects versions 3.0.0 through 5.0.3 (5.0.4 and later are not affected) and is addressed in version 3.0.14.
The impact of this vulnerability is severe. An attacker holding CREATE FUNCTION privileges can use path traversal in the external engine plugin loader to execute arbitrary code. That code runs with the privileges of the FirebirdSQL server's operating system account, giving the attacker full control of the database server and potentially the underlying host. Successful exploitation could lead to data breaches, system compromise, and denial of service. Because the loader loads the shared library before validating the engine name, the malicious code runs without passing any of the usual checks, which significantly raises the risk; the impact matches that of other code execution flaws in plugin loading mechanisms.
CVE-2026-40342 was published on 2026-04-17. The vulnerability is rated critical because it is easy to exploit and can lead to complete system compromise. No public proof-of-concept (PoC) code had been released as of this writing, but given the nature of the flaw a PoC is likely to emerge. It is not currently listed in CISA KEV, but its severity warrants monitoring. Active exploitation is not confirmed.
Exploit Status
EPSS: 0.08% (25th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-40342 is to upgrade FirebirdSQL to version 3.0.14 or later. If an immediate upgrade is not feasible, restrict the CREATE FUNCTION privilege to trusted users only, and apply strict file system access controls so that an attacker cannot write to directories the server may load libraries from. A WAF or proxy cannot directly prevent this path traversal, but it can be configured to monitor for suspicious engine names or file access patterns. Review any custom engine plugins for similar weaknesses. After upgrading, verify the fix by attempting to load a non-existent engine and confirming that the server rejects the request with an appropriate error message.
Update Firebird to version 5.0.4, 4.0.7, or 3.0.14 to mitigate the vulnerability. The update adds the missing validation of path separators and '..' components in the external engine name, which closes the remote code execution path. Apply Firebird security updates regularly.
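The class of check the fix adds, shown here as an added, stand-alone example rather than Firebird's own code: an external engine name is supposed to be a bare identifier that the loader maps to a shared library inside a fixed plugin directory, so a defender-side validator refuses anything that looks like a path before any file system access, and then confirms the canonical path stays inside that directory. The plugin directory, the ".so" suffix and the sample names are assumptions for illustration, not Firebird's actual configuration.

```python
import os
from typing import Optional

# Assumed plugin directory for this example (not Firebird's real setting).
PLUGIN_DIR = "/opt/firebird/plugins"


def engine_name_is_safe(name: str) -> bool:
    """Return True only if the engine name is a plain identifier.

    Rejects empty names, '.' and '..', both POSIX and Windows path
    separators (regardless of the host OS), NUL bytes that could truncate
    the name in C string handling downstream, and any character outside a
    conservative identifier set.
    """
    if not name or name in (".", ".."):
        return False
    if "/" in name or "\\" in name or "\x00" in name:
        return False
    return all(c.isalnum() or c in "_-" for c in name)


def resolve_plugin_path(name: str, plugin_dir: str = PLUGIN_DIR) -> Optional[str]:
    """Map a validated engine name to a library path under plugin_dir.

    Defence in depth: even after the name check passes, canonicalise the
    resulting path and verify it still lies inside the canonical plugin
    directory, so a validator bug or symlink cannot redirect the load.
    Returns None when the name is rejected or the path escapes.
    """
    if not engine_name_is_safe(name):
        return None
    base = os.path.realpath(plugin_dir)
    candidate = os.path.realpath(os.path.join(base, f"{name}.so"))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample names: one legitimate identifier, several that
    # must be refused because they contain separators or '..' components.
    for sample in ["UDR", "my_engine-1", "../../tmp/evil", "..\\evil", "..", ""]:
        verdict = "load" if resolve_plugin_path(sample) else "reject"
        print(f"{sample!r:20} -> {verdict}")
```

The containment check with `os.path.realpath` and `os.path.commonpath` is the part worth keeping even when an allowlist of characters is already enforced: it turns "the name looked fine" into "the file we are about to load is where we expect it to be".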
CVE-2026-40342 is a critical Remote Code Execution vulnerability in FirebirdSQL databases, allowing authenticated users to execute arbitrary code via path traversal.
You are affected if you are running FirebirdSQL versions from 3.0.0 up to, but not including, 5.0.4. Upgrade to 3.0.14 or later to mitigate the risk.
Upgrade FirebirdSQL to version 3.0.14 or later. Restrict CREATE FUNCTION privileges as a temporary workaround.
Active exploitation is not currently confirmed, but the vulnerability's severity suggests potential for exploitation.
Refer to the official FirebirdSQL security advisory for detailed information and updates: [https://www.firebirdsql.org/security/](https://www.firebirdsql.org/security/)