CNNVD-202602-043 Information

CNNVD ID

CNNVD-202602-043

Related CVE

CVE-2026-25134

• CNNVD Published: 2026-02-02

Description (Chinese)

Group Office是荷兰Group Office公司的一款模块化的办公套件。 Group Office 6.8.150之前版本、25.0.82之前版本和26.0.5之前版本存在参数注入漏洞，该漏洞源于lang参数直接传递给系统命令，可能导致远程代码执行。

Description (English)

Group Office is a modular office package for the Dutch company Group Office. Before Group Office 6.8.150, before 25.0.82 and before 26.0.5, there was a gap in the parameters, which stemmed from the lang parameter being passed directly to the system command, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

参数注入

Affected Vendor

Group Office

Published

2026-02-02

Last Modified

2026-02-24

References

https://github.com/Intermesh/groupoffice/commit/d28490a6a29936db7888aa841ab8ade88800540b https://github.com/Intermesh/groupoffice/security/advisories/GHSA-v39j-549w-8849

Patch

https://www.group-office.com/