CNNVD-202602-565 Information

CNNVD ID

CNNVD-202602-565

Related CVE

CVE-2026-25511

• CNNVD Published: 2026-02-04

Description (Chinese)

Group Office是荷兰Group Office公司的一款模块化的办公套件。 Group Office 6.8.150之前版本、25.0.82之前版本和26.0.5之前版本存在代码问题漏洞，该漏洞源于WOPI服务发现URL存在服务端请求伪造，可能导致访问内部主机或端口以及服务器端文件读取。

Description (English)

Group Office is a modular office package for the Dutch company Group Office. There is a code problem gap in the pre-Group Office 6.8.150, pre- version 25.0.82 and pre-version 26.0.5, which stems from the WOPI service finding that URLs have a service-end request for forgery that may lead to access to internal hosts or ports and server-end files.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Group Office

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905df5da3c2af42b3 https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm

Patch

https://www.group-office.com/