Vulnerability Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Firebirdsql | Firebird | < 3.0.14 |
Related Weaknesses (CWE)
References
- https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14Release Notes
- https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7Release Notes
- https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4Release Notes
- https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257Vendor AdvisoryExploit
FAQ
What is CVE-2026-40342?
CVE-2026-40342 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesy...
How severe is CVE-2026-40342?
CVE-2026-40342 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-40342?
Check the references section above for vendor advisories and patch information. Affected products include: Firebirdsql Firebird.