CNNVD-202602-560 Information
CNNVD ID
CNNVD-202602-560
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
Group Office是荷兰Group Office公司的一款模块化的办公套件。 Group Office 6.8.150之前版本、25.0.82之前版本和26.0.5之前版本存在操作系统命令注入漏洞,该漏洞源于email/message/tnefAttachmentFromTempFile端点对用户控制的参数拼接不当,可能导致远程命令执行。
Description (English)
Group Office is a modular office package for the Dutch company Group Office. There is a gap in the operating system commands before Group Office 6.8.150, before 25.0.82 and before 26.0.5, which arises from the inappropriately spelled-out of user-controlled parameters at the endpoint of email/message/tnefAttachment FrontFile, which may result in remote command execution.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
Group Office
Published
2026-02-04
Last Modified
2026-02-24
References
http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792 https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4