CVE-2026-27947

HIGH

Group-Office <26.0.9 - Authenticated RCE

Title source: llm

Description

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from `winmail.dat` and then invokes `zip` with a shell wildcard (`*`). Because extracted filenames are attacker-controlled, they can be interpreted as `zip` options and lead to arbitrary command execution. Versions 26.0.9, 25.0.87, and 6.8.154 fix the issue.

References (1)

[Vendor Advisory] https://github.com/Intermesh/groupoffice/security/advisories/GHSA-2rwh-9qp7-f92x

Scores

CVSS v3 8.8

EPSS 0.0026

EPSS Percentile 49.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-88 CWE-434

Status published

Affected Products (1)

intermesh/group-office < 6.8.154

Timeline

Published Feb 27, 2026

Tracked Since Feb 28, 2026