CVE-2026-27947
CRITICAL EPSS 49.4%
Published Feb 27, 20264mo ago · Modified Mar 4, 20263mo ago
9.4 CVSS 4.0
Published Feb 27, 2026 4mo ago
Last Modified Mar 4, 2026 3mo ago
Description
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from `winmail.dat` and then invokes `zip` with a shell wildcard (`*`). Because extracted filenames are attacker-controlled, they can be interpreted as `zip` options and lead to arbitrary command execution. Versions 26.0.9, 25.0.87, and 6.8.154 fix the issue.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
49.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt
CWE-88
Affected Products 3
References 1
- github.com https://github.com/Intermesh/groupoffice/security/advisories/GHSA-2rwh-9qp7-f92x
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.