CVE-2026-43752 Claris FileMaker Server vulnerability
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.
Quick answer
Claris FileMaker Server should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- FileMaker Server before 26.0.1
Fixed versions
- 26.0.1
How to fix it
CVE-2026-43752 affects Claris FileMaker Server Admin Console where an authenticated administrator can upload a malicious file through the Open Source LLM setup feature. The impact is arbitrary code execution on the host system, so prioritize servers where more than one administrator has console access or where the admin console is reachable beyond a tightly controlled management network. Claris fixed the issue in FileMaker Server 26.0.1. Until upgraded, restrict Admin Console access and avoid using the Open Source LLM setup upload workflow.
- Inventory every Claris FileMaker Server deployment, including production, staging, test, and disaster recovery hosts.
- Identify FileMaker Server versions before 26.0.1 and check whether the Open Source LLM setup feature is enabled or used.
- Upgrade FileMaker Server to 26.0.1 or a later Claris-supported release on every affected host.
- Restrict Admin Console access to trusted management networks, named administrators, VPN, and MFA while remediation is pending.
- Avoid uploading Miniforge, LLM setup, or other installer files through the vulnerable workflow until the patched release is installed.
- Review server logs, Admin Console activity, uploaded installer locations, and host filesystem changes for suspicious uploads or process execution.
- If exploitation is suspected, preserve evidence, rotate administrator credentials, rebuild the host from trusted media, and restore FileMaker data from verified backups.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm each FileMaker Server reports version 26.0.1 or a later supported release.
- Confirm Admin Console upload handling rejects unsafe file types and only trusted administrators can access the LLM setup workflow.
- Confirm management routes are not reachable from untrusted networks and MFA is enforced for administrative accounts.
- Review host and FileMaker logs after patching for blocked upload attempts or unexpected process execution.
- Document patched versions, console access controls, log review, and incident-response actions where applicable.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-43752?
Claris FileMaker Server versions listed as affected should be reviewed: FileMaker Server before 26.0.1.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
How are Fixnx security risk categories chosen?
Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.
