CVE-2026-40342
Firebird · Relational Database Management System (RDBMS)
Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 are susceptible to arbitrary code execution via path traversal in the external engine plugin loader.
Executive summary
An authenticated user holding CREATE FUNCTION privileges can achieve arbitrary code execution on the Firebird database server by exploiting a path traversal vulnerability in the external engine plugin loader.
Vulnerability
The external engine plugin loader fails to sanitize user-supplied engine names, so an authenticated attacker with CREATE FUNCTION privileges can supply a path traversal sequence as the engine name. This causes the server to load an arbitrary shared library, whose initialization code then runs with the permissions of the database server process.
Business impact
With a CVSS score of 9.9, this vulnerability represents a critical risk to the underlying host server. An attacker able to execute arbitrary code with the privileges of the database service can fully compromise the host operating system, access all stored data, and potentially pivot into the internal network.
Remediation
Immediate Action: Update Firebird to versions 5.0.4, 4.0.7, or 3.0.14 as appropriate for your deployment.
Proactive Monitoring: Audit database privileges to ensure that only trusted users are granted CREATE FUNCTION rights, and monitor for unexpected shared library loading activity by the database server process.
Compensating Controls: Restrict the service account permissions of the Firebird database process to the minimum level necessary, following the principle of least privilege.
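The privilege audit recommended above can be performed directly against the Firebird system catalog. The following queries are an added example and are not part of this advisory or of the Firebird project; they assume the Firebird 3.0 and later catalog layout, in which DDL privileges are rows of RDB$USER_PRIVILEGES with RDB$RELATION_NAME = 'SQL$FUNCTIONS' and RDB$PRIVILEGE = 'C' for CREATE ('L' for ALTER, 'O' for DROP), role membership is RDB$PRIVILEGE = 'M', and RDB$USER_TYPE 8 denotes a user and 13 a role. Verify those catalog details against the version you are running before relying on the output.

```sql
-- Added audit example (not from the advisory). Assumed catalog layout:
-- DDL privileges live in RDB$USER_PRIVILEGES with
-- RDB$RELATION_NAME = 'SQL$FUNCTIONS' and RDB$PRIVILEGE = 'C' for CREATE.
-- RDB$USER_TYPE 8 = user, 13 = role.

-- 1. Direct grants of CREATE FUNCTION to users and roles.
SELECT
    TRIM(p.RDB$USER)        AS grantee,
    CASE p.RDB$USER_TYPE
        WHEN 8  THEN 'USER'
        WHEN 13 THEN 'ROLE'
        ELSE CAST(p.RDB$USER_TYPE AS VARCHAR(5))
    END                     AS grantee_type,
    TRIM(p.RDB$GRANTOR)     AS grantor,
    p.RDB$GRANT_OPTION      AS with_grant_option
FROM RDB$USER_PRIVILEGES p
WHERE p.RDB$RELATION_NAME = 'SQL$FUNCTIONS'
  AND p.RDB$PRIVILEGE = 'C'
ORDER BY grantee_type, grantee;

-- 2. Users who obtain CREATE FUNCTION indirectly through a role.
--    Role membership is stored as RDB$PRIVILEGE = 'M' with the role name
--    in RDB$RELATION_NAME.
SELECT
    TRIM(m.RDB$USER)          AS user_name,
    TRIM(m.RDB$RELATION_NAME) AS via_role
FROM RDB$USER_PRIVILEGES m
JOIN RDB$USER_PRIVILEGES p
  ON p.RDB$USER = m.RDB$RELATION_NAME
 AND p.RDB$USER_TYPE = 13
WHERE m.RDB$PRIVILEGE = 'M'
  AND p.RDB$RELATION_NAME = 'SQL$FUNCTIONS'
  AND p.RDB$PRIVILEGE = 'C'
ORDER BY user_name, via_role;

-- 3. Functions already bound to an external engine, i.e. places where the
--    plugin loader is reached today. RDB$ENGINE_NAME is NULL for PSQL
--    functions, so only external-engine functions are listed.
SELECT
    TRIM(f.RDB$FUNCTION_NAME) AS function_name,
    TRIM(f.RDB$ENGINE_NAME)   AS engine_name,
    TRIM(f.RDB$ENTRYPOINT)    AS entrypoint,
    TRIM(f.RDB$OWNER_NAME)    AS owner
FROM RDB$FUNCTIONS f
WHERE f.RDB$ENGINE_NAME IS NOT NULL
ORDER BY function_name;
```

Run these as SYSDBA (for example from isql) against each database on the server. Every grantee returned by the first two queries can reach the vulnerable loader; grants that are not strictly needed can be withdrawn with REVOKE CREATE FUNCTION FROM the user or role. Note that the database owner and members of the RDB$ADMIN role can create functions without an explicit grant and therefore do not appear in these results, so review those accounts separately. The third query gives a baseline of legitimate external-engine functions against which unexpected engine names can be compared during monitoring.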
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the potential for complete system compromise, immediate patching is required. Organizations should also review existing user roles to ensure that administrative privileges, including CREATE FUNCTION, are strictly limited to authorized personnel, which reduces the impact of internal threats.