PT-2026-22840 · Froxlor · Froxlor

Moonster8282 · Published 2026-03-03 · Updated 2026-03-23 · CVE-2026-26279

CVSS v3.1: 9.1 (Critical) · AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.3.4
Description: Froxlor is open source server administration software. A flaw in the input validation code, specifically a typo where '==' (comparison) was used instead of '=' (assignment), disables email format checking for settings fields declared as email type. As a result, an authenticated administrator can store an arbitrary string in the panel.adminmail setting. That value is later interpolated into a shell command that a cron job executes as root; because the pipe character '|' is explicitly whitelisted by the command sanitizer, the stored value can alter the command, leading to remote code execution.
Recommendations: Upgrade to version 2.3.4 to address this issue.
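The two defects described above, a comparison typo that makes validation fail open and a shell-argument whitelist that admits '|', as an added PHP illustration. This is not Froxlor's code: the field schema, the function names and the command being built are hypothetical, chosen only to show the bug pattern next to its fix and the defensive use of escapeshellarg() at the point where a stored setting reaches a shell.

```php
<?php
// Added illustration (not Froxlor's own code). Hypothetical schema: the
// setting is declared with type 'email', which should trigger format checks.
$fieldDefinitions = [
    'panel.adminmail' => ['type' => 'email'],
];

// Buggy variant: '==' where '=' was meant. The comparison result is discarded,
// so $validateAs stays null, the email branch never runs and any string is
// accepted (validation fails open).
function validateSettingBuggy(array $definition, string $value): bool
{
    $validateAs = null;
    if ($definition['type'] === 'email') {
        $validateAs == 'email';   // typo: no-op comparison instead of assignment
    }
    if ($validateAs === 'email') {
        return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
    }
    return true;                  // untyped field: accepted as a plain string
}

// Fixed variant: the assignment actually happens, so the format check runs
// and a value containing shell metacharacters is rejected at storage time.
function validateSettingFixed(array $definition, string $value): bool
{
    $validateAs = null;
    if ($definition['type'] === 'email') {
        $validateAs = 'email';
    }
    if ($validateAs === 'email') {
        return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
    }
    return true;
}

// Defence in depth at the consumer: a root cron job must not trust a stored
// setting to be shell-safe. escapeshellarg() quotes the whole value so a '|'
// inside it is literal; a character whitelist that admits '|' gives no such
// guarantee. The mail command here is a hypothetical stand-in.
function buildNotifyCommand(string $recipient): string
{
    return 'mail -s ' . escapeshellarg('Backup report') . ' ' . escapeshellarg($recipient);
}

$def = $fieldDefinitions['panel.adminmail'];
// Constructed sample inputs: one valid address, one non-address with a pipe.
foreach (['admin@example.com', 'foo | bar'] as $candidate) {
    printf("%-20s buggy=%s fixed=%s\n",
        $candidate,
        validateSettingBuggy($def, $candidate) ? 'accepted' : 'rejected',
        validateSettingFixed($def, $candidate) ? 'accepted' : 'rejected');
}
// Even the rejected value is inert once quoted for the shell:
echo buildNotifyCommand('foo | bar'), PHP_EOL;
```

Running the script shows the buggy validator accepting both strings while the fixed one rejects 'foo | bar', and the last line prints the pipe character inside single quotes, where the shell treats it as data rather than as an operator. The two layers are independent: the validation fix closes the storage path, and argument quoting at the cron consumer removes the reliance on a metacharacter whitelist.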

Fix

RCE

LPE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-26279
GHSA-33MP-8P67-XJ7C

Affected Products

Froxlor