Vulnerability Details CVE-2026-43680
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.1%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2026-43680
-
cpe:2.3:a:claris:filemaker_cloud:2.20.1.1
-
cpe:2.3:a:claris:filemaker_cloud:2.20.1.2
-
cpe:2.3:a:claris:filemaker_cloud:2.20.1.215
-
cpe:2.3:a:claris:filemaker_cloud:2.20.1.3
-
cpe:2.3:a:claris:filemaker_cloud:2.20.1.4
-
cpe:2.3:a:claris:filemaker_cloud:2.20.1.6
-
cpe:2.3:a:claris:filemaker_cloud:2.21.0.1
-
cpe:2.3:a:claris:filemaker_cloud:2.21.0.2
-
cpe:2.3:a:claris:filemaker_cloud:2.21.0.3
-
cpe:2.3:a:claris:filemaker_cloud:2.21.1.1
-
cpe:2.3:a:claris:filemaker_cloud:2.21.1.2
-
cpe:2.3:a:claris:filemaker_cloud:2.21.1.3
-
cpe:2.3:a:claris:filemaker_cloud:2.22.0
-
cpe:2.3:a:claris:filemaker_cloud:2.22.0.2