HIGHCVE-2026-43685Published 2026-05-12Modified 2026-05-13CNA apple

CVE-2026-43685: A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5.

CVSS v3.1: 7.2
Severity: HIGH
Fixed in: 2.22.0.5
Affected Products: 1

Fix available

2.22.0.5

Affected packages

Claris / FileMaker Cloud
< 2.22.0.5 (from 0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

support.claris.com

Metrics

Fix available