CVE-2026-43685: OS Command Injection
Published May 12, 2026
·Updated
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5.
Affected Software
2 affected components
Claris FileMaker Cloud<2.22.0.5
Claris FileMaker Cloud<2.22.0.5
Event History
May 12, 2026
CVE Published
via MITRE·10:24 PM
Data Sourced
via MITRE·10:24 PM
DescriptionWeakness
Data Sourced
via NVD·11:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-43685?
CVE-2026-43685 has a high severity rating due to the potential for remote code execution.
2
How do I fix CVE-2026-43685?
To fix CVE-2026-43685, upgrade to Claris FileMaker Cloud version 2.22.0.5 or later.
3
Who is affected by CVE-2026-43685?
CVE-2026-43685 affects users of Claris FileMaker Cloud prior to version 2.22.0.5 who have Admin Console privileges.
4
What is the impact of CVE-2026-43685?
The impact of CVE-2026-43685 includes the risk of an attacker executing arbitrary operating system commands.
5
When was CVE-2026-43685 disclosed?
CVE-2026-43685 was disclosed in the year 2026.