CVE-2026-41951
7.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GROWI, Inc. | GROWI | v7.5.0 and earlier | affected |
Weaknesses
- CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.