PT-2026-33495 · Firebird · Firebird

Vladimirelitokarev · Published 2026-04-17 · Updated 2026-04-27 · CVE-2026-40342

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Firebird versions prior to 5.0.4
Firebird versions prior to 4.0.7
Firebird versions prior to 3.0.14

Description

The external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or dot-dot (..) components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE parameter to perform path traversal and load an arbitrary shared library from any location on the filesystem. The initialization code of the library executes immediately upon loading, before the system validates the module, allowing for code execution under the server's operating system account.

Recommendations

Update to version 5.0.4
Update to version 4.0.7
Update to version 3.0.14
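
The path-building flaw in the description, next to a hardened form, as an added example that is not Firebird's code and not the project's actual fix. All function names, the ".so" suffix and the identifier-only naming rule are assumptions made for illustration.

```cpp
#include <string>
#include <vector>

// Assumption: engine names are plain identifiers (letters, digits, '_', '-').
bool isSafeEngineName(const std::string& name) {
    if (name.empty() || name.size() > 63) return false;
    for (unsigned char c : name) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok) return false;  // rejects '/', '\\', '.', NUL and whitespace
    }
    return true;
}

// Split on both separators and fold "." and ".." lexically (no disk access).
std::vector<std::string> normalize(const std::string& path) {
    std::vector<std::string> parts;
    std::string cur;
    for (std::size_t i = 0; i <= path.size(); ++i) {
        char c = i < path.size() ? path[i] : '/';  // sentinel flushes last part
        if (c != '/' && c != '\\') { cur += c; continue; }
        if (cur == "..") { if (!parts.empty()) parts.pop_back(); }
        else if (!cur.empty() && cur != ".") parts.push_back(cur);
        cur.clear();
    }
    return parts;
}

// True when `path` lexically resolves to a location strictly below `dir`.
bool staysInside(const std::string& dir, const std::string& path) {
    std::vector<std::string> d = normalize(dir), p = normalize(path);
    if (p.size() <= d.size()) return false;
    for (std::size_t i = 0; i < d.size(); ++i) if (d[i] != p[i]) return false;
    return true;
}

// The flawed pattern from the description: the name is concatenated as-is.
std::string joinUnchecked(const std::string& dir, const std::string& engine) {
    return dir + "/" + engine + ".so";  // ".so" suffix is an assumption
}

// Hardened form: validate, confirm containment, then hand `out` to the loader.
bool resolveEnginePath(const std::string& dir, const std::string& engine, std::string& out) {
    if (!isSafeEngineName(engine)) return false;
    std::string candidate = joinUnchecked(dir, engine);
    if (!staysInside(dir, candidate)) return false;
    out = candidate;
    return true;
}
```

The containment check is lexical only and does not resolve symlinks, so it complements the allow-list rather than replacing it.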

Exploit

Fix

RCE

Path traversal

Code Injection

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2026-40342
OESA-2026-2013
OESA-2026-2014
OESA-2026-2015
OESA-2026-2016
OESA-2026-2017

Affected Products

Firebird