PT-2026-22390 · Unknown · Group-Office
Numberoreo1 · Published 2026-02-27 · Updated 2026-02-28 · CVE-2026-27947
CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Group-Office versions prior to 26.0.9
Group-Office versions prior to 25.0.87
Group-Office versions prior to 6.8.154
Description
Group-Office is a customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 contain a flaw that allows authenticated Remote Code Execution through the processing of TNEF attachments. The issue arises because the software extracts attacker-controlled files from winmail.dat. The zip command is then invoked with a shell wildcard (*), allowing attackers to manipulate filenames to execute arbitrary commands.
Recommendations
Update Group-Office to version 26.0.9.
Update Group-Office to version 25.0.87.
Update Group-Office to version 6.8.154.
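For code that archives extracted attachments in a similar way, the wildcard behaviour from the description can be checked as follows. This is an added example, not Group-Office code or its patch; the function names and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All file names are constructed sample data.

# Build a directory standing in for the files extracted from winmail.dat.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/report.pdf"
    : > "$d/notes.txt"
    : > "$d/-looks-like-an-option"   # constructed sender-chosen name
    printf '%s\n' "$d"
}

# Count the arguments a command-line parser would treat as options.
count_option_like() {
    n=0
    for arg in "$@"; do
        case $arg in
            -*) n=$((n + 1)) ;;
        esac
    done
    printf '%s\n' "$n"
}

# Weak pattern: a bare * expands to the names exactly as the sender chose them.
expand_bare_glob() {
    ( cd "$1" && count_option_like * )
}

# Hardened pattern: ./* makes every expanded word start with "./".
expand_anchored_glob() {
    ( cd "$1" && count_option_like ./* )
}

# Pre-check: list extracted names starting with "-" so they can be
# rejected or renamed before any external command sees them.
find_option_like_names() {
    for f in "$1"/-*; do
        [ -e "$f" ] || continue
        printf '%s\n' "${f##*/}"
    done
}

dir=$(make_sample_dir)
echo "bare *: $(expand_bare_glob "$dir") option-like word(s)"
echo "./*:    $(expand_anchored_glob "$dir") option-like word(s)"
echo "flagged: $(find_option_like_names "$dir")"
[ -n "$dir" ] && rm -rf -- "$dir"
```

Passing an explicit, validated list of file names to the archiver without going through a shell avoids the expansion step altogether.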
Exploit
Fix
Unrestricted File Upload
Argument Injection
Affected Products
Group-Office