Home / Vulnerability Intelligence / CVE-2026-26279

CVE-2026-26279 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 3, 2026

Froxlor - Command Injection

Published: March 3, 2026Updated: March 3, 2026Remote Exploitable

Overview

Froxlor < 2.3.4 contains a command injection caused by a typo in input validation disabling email format checking, letting authenticated admins achieve root-level remote code execution via shell command injection, exploit requires admin privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Authenticated admins can execute arbitrary code as root, leading to full system compromise.

Mitigation

Update to version 2.3.4 or later.

References

https://github.com/froxlor/froxlor/commit/22249677107f8f39f8d4a238605641e87dab4343
https://github.com/froxlor/froxlor/releases/tag/2.3.4
https://github.com/froxlor/Froxlor/security/advisories/GHSA-33mp-8p67-xj7c

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-26279
Severity: Critical
CVSS Score: 9.1
Type: command_injection
Status: new

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H