Remote Code Execution Vulnerability in Claris FileMaker Cloud
CVE-2026-43680

7.2HIGH

Key Information:

Vendor: Claris
Status: Filemaker Cloud
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-43680?

A significant Remote Code Execution vulnerability exists in Claris FileMaker Cloud, granting Admin Console users the ability to bypass front-end restrictions associated with OS Script schedule types. This flaw enables unauthorized execution of arbitrary operating system commands on the underlying host, potentially leading to severe security implications. The issue has been addressed in the release of FileMaker Cloud version 2.22.0.5. For more details on remediation, visit Claris support.

Affected Version(s)

FileMaker Cloud 0 < 2.22.0.5

References

https://support.claris.com/s/answerview?anum=000049153&la...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43680 Data

JSON