Vulnerability Details CVE-2026-43752
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 20.8%
CVSS Severity
CVSS v3 Score 4.9
Products affected by CVE-2026-43752
-
cpe:2.3:a:claris:filemaker_server:-
-
cpe:2.3:a:claris:filemaker_server:19.1.2
-
cpe:2.3:a:claris:filemaker_server:19.2.1
-
cpe:2.3:a:claris:filemaker_server:19.3.1
-
cpe:2.3:a:claris:filemaker_server:19.3.2
-
cpe:2.3:a:claris:filemaker_server:19.4.1
-
cpe:2.3:a:claris:filemaker_server:20.1.1
-
cpe:2.3:a:claris:filemaker_server:20.1.2
-
cpe:2.3:a:claris:filemaker_server:20.2.1
-
cpe:2.3:a:claris:filemaker_server:20.3.1
-
cpe:2.3:a:claris:filemaker_server:20.3.2
-
cpe:2.3:a:claris:filemaker_server:21.0.1
-
cpe:2.3:a:claris:filemaker_server:21.0.2
-
cpe:2.3:a:claris:filemaker_server:21.1.1
-
cpe:2.3:a:claris:filemaker_server:21.1.3
-
cpe:2.3:a:claris:filemaker_server:21.1.4
-
cpe:2.3:a:claris:filemaker_server:21.1.5
-
cpe:2.3:a:claris:filemaker_server:21.1.6
-
cpe:2.3:a:claris:filemaker_server:21.1.7
-
cpe:2.3:a:claris:filemaker_server:22.0.1
-
cpe:2.3:a:claris:filemaker_server:22.0.2
-
cpe:2.3:a:claris:filemaker_server:22.0.4
-
cpe:2.3:a:claris:filemaker_server:22.0.5
-
cpe:2.3:a:claris:filemaker_server:22.0.6