Cyber Posture

CVE-2026-28212

High · Public PoC

Published: 17 April 2026

Modified: 24 April 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0007 (20.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28212 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Firebirdsql Firebird. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 20.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Timely flaw remediation requires patching Firebird to fixed versions that address the null pointer dereference in op_slice packet processing.

prevent: Secure error handling prevents null pointer dereferences from crashing the server when unprepared structures are passed to functions like SDL_info().

prevent: Information input validation ensures crafted op_slice network packets are checked before processing to avoid null pointer issues.

MITRE ATT&CK Enterprise Techniques · AI

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A null pointer dereference in a network-facing database service (triggered by an op_slice packet) directly enables a remote, unauthenticated crash, matching Application or System Exploitation under Endpoint Denial of Service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.

Deeper analysis · AI

CVE-2026-28212 is a null pointer dereference vulnerability in Firebird, an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7, and 3.0.14, the server processes an op_slice network packet by passing an unprepared structure containing a null pointer to the SDL_info() function, resulting in a server crash. This flaw, classified under CWE-476, carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high availability impact.

An unauthenticated attacker can exploit this vulnerability remotely by sending a crafted op_slice packet to the Firebird server port, triggering the null pointer dereference and causing a denial-of-service condition through server termination. No privileges, user interaction, or special access are required, making it accessible over the network with low complexity.

The issue is fixed in the official Firebird releases 6.0.0, 5.0.4, 4.0.7, and 3.0.14, available via GitHub release tags. The Firebird security advisory (GHSA-9884-9qm3-hqch) details the issue and recommends upgrading to these patched versions to prevent exploitation.

Details

CWE(s): CWE-476

Affected Products

firebirdsql
firebird
≤ 3.0.14 · 4.0.0 — 4.0.7 · 5.0.0 — 5.0.4

CVEs Like This One

CVE-2026-28224 · Same product: Firebirdsql Firebird
CVE-2026-35215 · Same product: Firebirdsql Firebird
CVE-2026-27890 · Same product: Firebirdsql Firebird
CVE-2026-34232 · Same product: Firebirdsql Firebird
CVE-2026-33337 · Same product: Firebirdsql Firebird
CVE-2025-24975 · Same product: Firebirdsql Firebird
CVE-2025-65104 · Same product: Firebirdsql Firebird
CVE-2026-40342 · Same product: Firebirdsql Firebird
CVE-2026-4652 · Shared CWE-476
CVE-2026-33282 · Shared CWE-476

References