CVE-2026-27890
Published: 17 April 2026
Summary
CVE-2026-27890 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Firebirdsql Firebird. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 37.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely remediation of the specific flaw through patching to Firebird versions 5.0.4, 4.0.7, or 3.0.14.
Requires validation of CNCT_specific_data segments during authentication to ensure they arrive in ascending order, preventing the out-of-order condition that triggers the array size computation error.
Mandates secure error handling in the Array class's grow() method to avoid SIGSEGV crashes from negative size values caused by malformed authentication inputs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables unauthenticated remote denial of service by crashing the Firebird database server through crafted out-of-order authentication packets, directly mapping to application exploitation for endpoint DoS.
NVD Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's…
more
grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Deeper analysisAI
CVE-2026-27890 affects Firebird, an open-source relational database management system, in versions prior to 5.0.4, 4.0.7, and 3.0.14. The vulnerability arises during authentication when the server processes CNCT_specific_data segments, assuming they arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, triggering a SIGSEGV crash. This issue is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).
An unauthenticated remote attacker needs only the server's IP address and port to exploit this vulnerability. By sending specially crafted authentication packets with out-of-order CNCT_specific_data segments, the attacker can reliably cause a server crash, resulting in denial of service. The attack requires low complexity, with no privileges, user interaction, or special conditions, though it has no direct impact on confidentiality and only low integrity impact.
Firebird has addressed this issue in the fixed releases: version 5.0.4, 4.0.7, and 3.0.14. Security practitioners should update affected Firebird installations to one of these versions immediately. Additional details are available in the project's security advisory (GHSA-6crx-4g37-7j49) and release notes on GitHub.
Details
- CWE(s)