CVE-2026-27947

HIGH

Group-Office <26.0.9 - Authenticated RCE

Title source: llm

Description

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from `winmail.dat` and then invokes `zip` with a shell wildcard (`*`). Because extracted filenames are attacker-controlled, they can be interpreted as `zip` options and lead to arbitrary command execution. Versions 26.0.9, 25.0.87, and 6.8.154 fix the issue.

References (1)

[Vendor Advisory] https://github.com/Intermesh/groupoffice/security/advisories/GHSA-2rwh-9qp7-f92x

Scores

CVSS v3 8.8

EPSS 0.0011

EPSS Percentile 29.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-88 CWE-434

Status published

Products (1)

intermesh/group-office < 6.8.154

Published Feb 27, 2026

Tracked Since Feb 28, 2026