Cyber Posture

CVE-2026-27890

Severity: High · Public PoC

Published: 17 April 2026
Modified: 24 April 2026
KEV Added: (none)
Patch: available (5.0.4 / 4.0.7 / 3.0.14)
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). Note: under the CVSS v3.1 formula this vector scores 7.1; 8.2 is the score of the same vector with S:C, so either the score or the scope metric is misrecorded here. Check the vendor advisory before copying either value into a ticket.
EPSS Score: 0.0030 (53.3rd percentile)
Risk Priority: 17 (weighting 60% EPSS · 20% KEV · 20% CVSS)

Description

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: Flaw remediation. Directly mitigates the CVE by requiring timely remediation of the specific flaw through patching to Firebird versions 5.0.4, 4.0.7, or 3.0.14.

prevent: Input validation. Requires validation of CNCT_specific_data segments during authentication so that a segment whose sequence number is lower than, equal to, or skips ahead of the one expected is rejected rather than fed into the array size computation.

prevent: Error handling. Mandates that the Array class's grow() method reject a negative or otherwise impossible size request instead of acting on it, so malformed authentication input cannot reach the SIGSEGV.

The second and third controls apply to Firebird's own code and are satisfied by the fixed releases; an operator running an affected version can only upgrade or limit which hosts can reach the Firebird listener (3050/tcp by default), since the crash needs no credentials.

Security Summary [AI-generated]

CVE-2026-27890 affects Firebird, an open-source relational database management system, in versions prior to 5.0.4, 4.0.7, and 3.0.14. The vulnerability arises during authentication when the server processes CNCT_specific_data segments, assuming they arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, triggering a SIGSEGV crash. This issue is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).

An unauthenticated remote attacker needs only the server's IP address and port to exploit this vulnerability. By sending crafted authentication packets whose CNCT_specific_data segments are out of order, the attacker can crash the server process before any credential is checked, resulting in denial of service; how much goes down with it depends on the architecture in use (SuperServer hosts every connection in one process). The attack requires low complexity, with no privileges, user interaction, or special conditions. The vector records no confidentiality impact and low integrity impact: the advisory describes a crash, not a controlled write.

Firebird has addressed this issue in the fixed releases: version 5.0.4, 4.0.7, and 3.0.14. Security practitioners should update affected Firebird installations to one of these versions immediately and, until then, restrict network access to the Firebird port. Additional details are available in the project's security advisory (GHSA-6crx-4g37-7j49) and release notes on GitHub.
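The description and summary above both turn on one bookkeeping mistake: a reassembler that computes "how much to grow" from the incoming segment's sequence number, which goes negative when a lower number arrives after a higher one. The following C++ is an added illustrative model written for this page, not Firebird's code and not its fix. It assumes a clumplet layout of tag(1) length(1) data(length), a tag value of 10 for the specific-data segment, a one-byte sequence number as the first data byte, and a 254-byte maximum payload; all of these are assumptions for illustration. It shows the vulnerable delta computation next to a reassembler that rejects out-of-order, repeated, skipped and oversized segments before any buffer arithmetic happens.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Constructed model, not Firebird's code: a CNCT clumplet is tag(1) len(1) data(len); for the
// specific-data tag, data[0] is the segment sequence number and the remaining bytes are payload.
// The tag value and the one-byte sequence number layout are assumptions for illustration.
constexpr std::uint8_t kTagSpecificData = 10;
constexpr std::size_t  kChunk = 254;   // max payload per segment (255-byte value minus the seq byte)

struct Segment {
    std::uint8_t seq;
    std::vector<std::uint8_t> payload;
};

enum class Status { Ok, Malformed, OutOfOrder, Oversized, TooLarge };

// Walk the clumplet stream, collecting specific-data segments in wire order; false on truncation.
bool parseSpecificDataSegments(const std::vector<std::uint8_t>& blob, std::vector<Segment>& out) {
    std::size_t i = 0;
    while (i < blob.size()) {
        if (i + 2 > blob.size()) return false;
        const std::uint8_t tag = blob[i];
        const std::size_t len = blob[i + 1];
        i += 2;
        if (i + len > blob.size()) return false;
        if (tag == kTagSpecificData && len > 0) {
            out.push_back(Segment{blob[i], std::vector<std::uint8_t>(blob.begin() + i + 1,
                                                                     blob.begin() + i + len)});
        }
        i += len;
    }
    return true;
}

// Vulnerable-style bookkeeping: grow the buffer to where this segment ends, assuming seq only
// increases. The signed delta goes negative when a lower seq arrives after a higher one, which is
// the condition the advisory describes reaching the Array grow() path.
long vulnerableGrowDelta(std::size_t currentSize, const Segment& s) {
    const long endOffset = static_cast<long>(s.seq) * static_cast<long>(kChunk)
                         + static_cast<long>(s.payload.size());
    return endOffset - static_cast<long>(currentSize);
}

// Hardened reassembler: each segment must carry the next expected seq, respect the chunk limit and
// keep the total under a cap, so the buffer only grows by a checked, non-negative amount.
struct Reassembler {
    std::vector<std::uint8_t> buf;
    unsigned nextSeq = 0;
    std::size_t maxTotal;
    explicit Reassembler(std::size_t cap = 64 * 1024) : maxTotal(cap) {}

    Status append(const Segment& s) {
        if (s.payload.size() > kChunk) return Status::Oversized;
        if (s.seq != nextSeq) return Status::OutOfOrder;   // lower, repeated or skipped seq
        if (buf.size() + s.payload.size() > maxTotal) return Status::TooLarge;
        buf.insert(buf.end(), s.payload.begin(), s.payload.end());
        ++nextSeq;
        return Status::Ok;
    }
};

// Build a constructed clumplet blob: one specific-data segment per seq, each with `len` payload
// bytes (len must be <= 254 so len + 1 fits the one-byte length field).
std::vector<std::uint8_t> makeBlob(const std::vector<std::uint8_t>& seqs, std::uint8_t len) {
    std::vector<std::uint8_t> blob;
    for (std::uint8_t seq : seqs) {
        blob.push_back(kTagSpecificData);
        blob.push_back(static_cast<std::uint8_t>(len + 1));
        blob.push_back(seq);
        blob.insert(blob.end(), static_cast<std::size_t>(len),
                    static_cast<std::uint8_t>('a' + (seq % 26)));
    }
    return blob;
}

// Parse and reassemble; returns the first failing status, or Ok with the joined payload in `out`.
Status reassemble(const std::vector<std::uint8_t>& blob, std::vector<std::uint8_t>& out) {
    std::vector<Segment> segs;
    if (!parseSpecificDataSegments(blob, segs)) return Status::Malformed;
    Reassembler r;
    for (const Segment& s : segs) {
        const Status st = r.append(s);
        if (st != Status::Ok) return st;
    }
    out = std::move(r.buf);
    return Status::Ok;
}

// Wrappers so the outcome of a whole blob can be checked as a single value.
Status reassembleStatus(const std::vector<std::uint8_t>& blob) {
    std::vector<std::uint8_t> out;
    return reassemble(blob, out);
}
std::size_t reassembledSize(const std::vector<std::uint8_t>& blob) {
    std::vector<std::uint8_t> out;
    return reassemble(blob, out) == Status::Ok ? out.size() : 0;
}

int main() {
    // In order: three full chunks reassemble to 762 bytes.
    const std::size_t ok = reassembledSize(makeBlob({0, 1, 2}, 254));
    // Out of order: seq 0 after seq 1. The vulnerable bookkeeping asks for a negative delta;
    // the hardened reassembler refuses the segment instead.
    const long delta = vulnerableGrowDelta(2 * kChunk, Segment{0, std::vector<std::uint8_t>(kChunk, 'x')});
    const Status rejected = reassembleStatus(makeBlob({0, 1, 0}, 254));
    return (ok == 762 && delta < 0 && rejected == Status::OutOfOrder) ? 0 : 1;
}
```

The design point is that the hardened path never derives a buffer size from attacker-controlled arithmetic: the only question asked of each segment is whether it is the one expected next, and the buffer grows by the validated payload length alone. A detection or fuzzing harness for a real server would send the same out-of-order segment pairs over the wire and watch for the listener dropping the connection or the process exiting on SIGSEGV.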

Details

CWE(s)

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787 Out-of-bounds Write

Affected Products

firebirdsql / firebird
< 3.0.14 · 4.0.0 to < 4.0.7 · 5.0.0 to < 5.0.4 (3.0.14, 4.0.7 and 5.0.4 are the fixed releases, not affected ones)

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1499.004 Endpoint Denial of Service: Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables unauthenticated remote denial of service by crashing the Firebird database server through crafted out-of-order authentication packets, directly mapping to application exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

GHSA-6crx-4g37-7j49, Firebird security advisory on GitHub: https://github.com/advisories/GHSA-6crx-4g37-7j49