Firebird Database Multiple Critical Vulnerabilities CVSS 9.9
Summary
CERT-Bund issued security advisory WID-SEC-2026-1171 disclosing multiple critical vulnerabilities in Firebird open-source relational database management system. Affected versions include Firebird <6.0, <5.0.4, <4.0.7, <3.0.14, and corresponding Firebird Client versions. The vulnerabilities carry a CVSS Base Score of 9.9 (critical) and enable remote attackers to execute arbitrary code with administrator privileges, disclose confidential information, or cause denial-of-service conditions across Linux, macOS, UNIX, and Windows systems.
“Ein Angreifer kann mehrere Schwachstellen in Firebird ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.”
Organizations running Firebird databases should inventory deployed instances and verify version numbers against the affected version list. Patch management processes should treat the 9.9 CVSS score as requiring expedited remediation regardless of network segmentation controls, as remote exploitation without authentication is explicitly documented.
What changed
CERT-Bund published a critical security advisory for Firebird database management system, identifying multiple vulnerabilities across versions prior to 6.0, 5.0.4, 4.0.7, and 3.0.14. The vulnerabilities affect both the database server and client components and are exploitable remotely without authentication.
Organizations running Firebird databases on Linux, macOS, X, UNIX, or Windows platforms should immediately identify deployed versions and apply available patches. Given the CVSS score of 9.9 and the availability of remote code execution with administrator privileges, these vulnerabilities represent a high-priority remediation for any affected system.
Archived snapshot
Apr 20, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1171] Firebird: Mehrere Schwachstellen CVSS Base Score 9.9 (kritisch) CVSS Temporal Score 8.6 (hoch) Remoteangriff ja Datum 19.04.2026 Stand 20.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- MacOS X
- UNIX
- Windows
Produktbeschreibung
Firebird ist ein relationales Open-Source-Datenbankmanagementsystem.
Produkte
19.04.2026
- Firebird Firebird <6.0
Firebird Firebird <4.0.7
Firebird Firebird <3.0.14
Firebird Firebird Client <4.0.0
Firebird Firebird Client <3.0.14
Firebird Firebird <5.0.4
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in Firebird ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.