CVE-2026-27947

CRITICAL EPSS 49.4%
Published Feb 27, 20264mo ago · Modified Mar 4, 20263mo ago
9.4 CVSS 4.0
Critical
Find Similar
Published Feb 27, 2026 4mo ago
Last Modified Mar 4, 2026 3mo ago

Description

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from `winmail.dat` and then invokes `zip` with a shell wildcard (`*`). Because extracted filenames are attacker-controlled, they can be interpreted as `zip` options and lead to arbitrary command execution. Versions 26.0.9, 25.0.87, and 6.8.154 fix the issue.

CVSS Details

Base Score
9.4
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
49.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt
CWE-88

Affected Products 3

VendorProductVersionRange
intermeshgroup-office* <6.8.154
intermeshgroup-office*≥25.0.1  –  <25.0.87
intermeshgroup-office*≥26.0.1  –  <26.0.9

References 1

  • github.com https://github.com/Intermesh/groupoffice/security/advisories/GHSA-2rwh-9qp7-f92x
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.