GHSA-4wwf-f7w3-94f5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4wwf-f7w3-94f5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-4wwf-f7w3-94f5/GHSA-4wwf-f7w3-94f5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4wwf-f7w3-94f5
- Aliases
-
- CVE-2026-24788
- Published
- 2026-02-02T06:30:52Z
- Modified
- 2026-02-03T17:51:22.697874Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- RaspAP raspap-webgui contains an OS Command Injection vulnerability
- Details
-
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
- Database specific
{ "cwe_ids": [ "CWE-78" ], "github_reviewed": true, "github_reviewed_at": "2026-02-02T20:53:03Z", "nvd_published_at": "2026-02-02T05:16:03Z", "severity": "HIGH" }- References
Affected packages
Packagist / billz/raspap-webgui
Package
- Name
- billz/raspap-webgui
- Purl
- pkg:composer/billz/raspap-webgui
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.3.6
Affected versions
1.*
1.0
2.*
2.4.1
2.5
2.5.1
2.5.2
2.6-beta
2.6
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
3.*
3.0-beta
3.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
v3.*
v3.3.5