Remote Code Execution in Claris FileMaker Cloud
CVE-2026-43685

7.2HIGH

Key Information:

Vendor: Claris
Status: Filemaker Cloud
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-43685?

A vulnerability in Claris FileMaker Cloud enables users with Admin Console privileges to execute arbitrary operating system commands. This issue arises from the External ODBC Data Source connection test feature, which fails to sanitize input appropriately. Attackers can exploit this security lapse to gain unauthorized access and control over the system. The vulnerability has been addressed in the newer version, FileMaker Cloud 2.22.0.5.

Affected Version(s)

FileMaker Cloud 0 < 2.22.0.5

References

https://support.claris.com/s/answerview?anum=000049154&la...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43685 Data

JSON