FirebirdSQL versions prior to 5.0.4, 4.0.7, and 3.0.14 are vulnerable to information leaks due to improper validation of data lengths in specific network packets.

🚨 EUVD-2026-23466 📊 Score: 6.0/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, caus... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23466 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23486 📊 Score: 7.5/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a ... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23486 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23490 📊 Score: 7.5/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descr... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23490 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23482 📊 Score: 7.5/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23482 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23496 📊 Score: 10.0/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23496 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23468 📊 Score: 8.2/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback han... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23468 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23462 📊 Score: 7.5/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23462 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23460 📊 Score: 8.2/10 (CVSS v3.1) 📦 Product: firebird, firebird, firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14,, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascend... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23460 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2025-209528 📊 Score: 7.9/10 (CVSS v3.1) 📦 Product: firebird 🏢 Vendor: FirebirdSQL 📅 Updated: 2026-04-17 📝 Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue ... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-209528 #cybersecurity #infosec #euvd #cve #vulnerability

🟠 CVE-2026-33337 - High (7.5) Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bo... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33337/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack