Home

Description

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.

PUBLISHED Reserved 2026-05-01 | Published 2026-07-09 | Updated 2026-07-09 | Assigner apple

Problem types

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console.

Product status

Any version before 26.0.1
affected

References

community.claris.com/...erver-via-Miniforge-Installer-Upload

cve.org (CVE-2026-43752)

nvd.nist.gov (CVE-2026-43752)

Download JSON