CVE-2026-27760

Source
https://cve.org/CVERecord?id=CVE-2026-27760
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27760.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27760
Published
2026-04-28T13:43:24.366Z
Modified
2026-07-08T08:09:14.786159936Z
Severity
  • 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenCATS PHP Code Injection via installer AJAX endpoint
Details

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that persists and executes on every subsequent page load when the installation wizard remains incomplete.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27760.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/opencats/opencats

Affected ranges

Type
GIT
Repo
https://github.com/opencats/opencats
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.7.4"
        }
    ]
}

Affected versions

0.*
0.9.1a
0.9.3
0.9.3-1
0.9.3-2
0.9.3-3
0.9.4
0.9.4-1
0.9.4-2
0.9.4-3
0.9.6
0.9.7.3
0.9.7.4
opencats-0.*
opencats-0.9.3
opencats-0.9.3(alpha)
opencats-0.9.3(final)
opencats-0.9.7
v0.*
v0.9.7.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27760.json"