PT-2026-22388 · Unknown · Group-Office
Numberoreo1 · Published 2026-02-27 · Updated 2026-03-04 · CVE-2026-27832
CVSS v3.1 8.8 High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Group-Office versions prior to 26.0.8
Group-Office versions prior to 25.0.87
Group-Office versions prior to 6.8.153
Description
The software has a SQL Injection issue that can be exploited through the advancedQueryData parameter, specifically its comparator field, on an authenticated endpoint. The index.php?r=email/template/emailSelection endpoint processes the advancedQueryData parameter and incorporates the supplied SQL comparator directly into SQL condition building without proper validation. This allows blind boolean-based exfiltration of the core auth password table.
Recommendations
Update to Group-Office version 26.0.8 or later.
Update to Group-Office version 25.0.87 or later.
Update to Group-Office version 6.8.153 or later.
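The root cause described above, modelled as an added example that is not Group-Office code: a hypothetical condition builder that resolves the comparator through an allowlist and binds filter values as parameters, so the request's comparator string never reaches the SQL text. Table name, column names and sample rows are constructed.

```python
import sqlite3

# Comparators the builder accepts, mapped to the SQL text it will emit.
# The advisory's defect is that the comparator string from the request was
# itself interpolated into the query; here the request string is only used
# as a dictionary key, and only the allowlisted SQL text is emitted.
ALLOWED_COMPARATORS = {
    "=": "=", "!=": "<>", "<": "<", "<=": "<=", ">": ">", ">=": ">=",
    "LIKE": "LIKE", "NOT LIKE": "NOT LIKE",
}
# Columns this (hypothetical) endpoint may filter on.
ALLOWED_FIELDS = {"name", "language"}


def build_condition(criteria):
    """Turn [{'field', 'comparator', 'value'}, ...] into (where_sql, params).

    Field and comparator are validated against allowlists; values are always
    bound with placeholders, never concatenated."""
    clauses, params = [], []
    for c in criteria:
        field = c["field"]
        comp = str(c["comparator"]).strip().upper()
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"unknown field {field!r}")
        if comp not in ALLOWED_COMPARATORS:
            raise ValueError(f"unknown comparator {comp!r}")
        clauses.append(f'"{field}" {ALLOWED_COMPARATORS[comp]} ?')
        params.append(c["value"])
    return (" AND ".join(clauses) or "1=1"), params


def select_templates(conn, criteria):
    """Run the filtered selection; the WHERE text comes only from allowlists."""
    where, params = build_condition(criteria)
    sql = f"SELECT id, name FROM email_template WHERE {where} ORDER BY id"
    return conn.execute(sql, params).fetchall()


def demo_db():
    """Constructed in-memory sample data standing in for a templates table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE email_template (id INTEGER, name TEXT, language TEXT)")
    conn.executemany("INSERT INTO email_template VALUES (?, ?, ?)",
                     [(1, "Welcome", "en"), (2, "Invoice", "en"), (3, "Bem-vindo", "pt")])
    return conn
```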
Exploit
Fix
SQL injection
Weakness Enumeration
Related identifiers
Affected products
Group-Office