CVE-2026-28224 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: April 17, 2026
Firebird - Denial of Service
Overview
Firebird < 5.0.4, 4.0.7, 3.0.14 contains a denial of service caused by null pointer dereference in port_server_crypt_callback handler when receiving op_crypt_key_callback packet without authentication, letting unauthenticated attackers crash the server.
Severity & Score
Impact
Unauthenticated attackers can crash the server causing denial of service.
Mitigation
Upgrade to versions 5.0.4, 4.0.7, 3.0.14 or later.
References
Social Media Activity(2 posts)
š CVE-2026-28224 - High (8.2) Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not in... š https://www.thehackerwire.com/vulnerability/CVE-2026-28224/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-28224 - High (8.2) Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not in... š https://www.thehackerwire.com/vulnerability/CVE-2026-28224/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-28224
- Severity
- High
- CVSS Score
- 8.2
- Type
- null_pointer_dereference
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-476
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H