PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43752 Claris CVE debrief

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1. The vulnerability has a CVSS score of 4.9 and is considered medium-severity. The vulnerability requires administrative privileges to exploit.

Vendor
Claris
Product
FileMaker Server
CVSS
MEDIUM 4.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Administrators and users of FileMaker Server 26.0.1, particularly those with administrative privileges, should be aware of this vulnerability and take necessary precautions. They should verify their systems and apply the patch if necessary.

Technical summary

CVE-2026-43752 is a medium-severity vulnerability (CVSS score: 4.9) that allows an authenticated administrator to execute arbitrary code on the host system. The vulnerability is caused by a flaw in the Open Source LLM setup feature in the Admin Console, which can be exploited by uploading a malicious file. The vulnerability affects FileMaker Server 26.0.1 and has been addressed in this version. To mitigate this vulnerability, administrators should verify their systems and apply the patch if necessary. Additionally, they should restrict administrative access to the Admin Console to only trusted administrators and monitor for suspicious activity by regularly reviewing system logs for potential exploitation attempts.

Defensive priority

Medium priority due to the requirement for administrative privileges and the availability of a patch.

Recommended defensive actions

  • Apply the patch: Upgrade to FileMaker Server 26.0.1 to address the vulnerability.
  • Restrict administrative access: Limit access to the Admin Console to only trusted administrators.
  • Monitor for suspicious activity: Regularly review system logs for potential exploitation attempts.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-09T18:16:52.160Z and last modified on 2026-07-10T14:34:22.677Z. The NVD entry is currently Analyzed. The vulnerability affects FileMaker Server 26.0.1 and has been addressed in this version. Administrators should verify their systems and apply the patch if necessary.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T18:16:52.160Z and has not been modified since then. The NVD entry is currently Analyzed.