CVE-2026-27832

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-27832
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27832.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27832
Aliases
  • GHSA-vfgv-8w8v-qpxr
Published
2026-02-27T19:49:57.867Z
Modified
2026-03-03T02:35:34.478767Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator
Details

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the advancedQueryData parameter (comparator field) on an authenticated endpoint. The endpoint index.php?r=email/template/emailSelection processes advancedQueryData and forwards the SQL comparator without a strict allowlist into SQL condition building. This enables blind boolean-based exfiltration of the core_auth_password table. Versions 26.0.8, 25.0.87, and 6.8.153 fix the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27832.json"
}
References

Affected packages

Git / github.com/intermesh/groupoffice

Affected ranges

Type
GIT
Repo
https://github.com/intermesh/groupoffice
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2ab748da683d9a917fe7aed17156d9db65f693a6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.8.153"
        }
    ]
}

Affected versions

v25.*
v25.0.8
v6.*
v6.2.85
v6.2.87
v6.2.88
v6.2.89
v6.2.90
v6.2.91
v6.2.92
v6.2.93
v6.2.94
v6.2.95
v6.3.1
v6.3.10
v6.3.11
v6.3.12
v6.3.14
v6.3.15
v6.3.16
v6.3.17
v6.3.18
v6.3.19
v6.3.2
v6.3.20
v6.3.21
v6.3.29
v6.3.3
v6.3.30
v6.3.31
v6.3.32
v6.3.33
v6.3.34
v6.3.35
v6.3.36
v6.3.37
v6.3.38
v6.3.4
v6.3.41
v6.3.42
v6.3.43
v6.3.44
v6.3.45
v6.3.47
v6.3.48
v6.3.49
v6.3.5
v6.3.50
v6.3.6
v6.3.7
v6.3.71
v6.3.72
v6.3.73
v6.3.74
v6.3.75
v6.3.76
v6.3.77
v6.3.78
v6.3.79
v6.3.8
v6.3.80
v6.3.81
v6.3.93
v6.3.94
v6.3.96
v6.4.156
v6.4.157
v6.4.158
v6.4.159
v6.4.160
v6.4.161
v6.4.162
v6.4.165
v6.4.170
v6.4.171
v6.4.172
v6.4.173
v6.4.174
v6.4.175
v6.4.176
v6.4.177
v6.4.178
v6.4.179
v6.4.180
v6.4.181
v6.4.182
v6.4.183
v6.4.184
v6.4.185
v6.4.186
v6.4.187
v6.4.188
v6.4.189
v6.4.190
v6.4.191
v6.4.192
v6.4.193
v6.4.194
v6.4.195
v6.4.196
v6.4.197
v6.4.198
v6.4.199
v6.4.200
v6.4.201
v6.4.202
v6.4.203
v6.4.204
v6.4.205
v6.4.206
v6.4.207
v6.4.208
v6.4.209
v6.4.21
v6.4.210
v6.4.211
v6.4.212
v6.4.213
v6.4.215
v6.4.216
v6.4.217
v6.4.218
v6.4.219
v6.4.22
v6.4.220
v6.4.221
v6.4.222
v6.4.223
v6.4.224
v6.4.225
v6.4.226
v6.4.227
v6.4.228
v6.4.229
v6.4.23
v6.4.230
v6.4.231
v6.4.232
v6.4.233
v6.4.234
v6.4.235
v6.4.236
v6.4.237
v6.4.238
v6.4.239
v6.4.240
v6.4.241
v6.4.242
v6.4.243
v6.4.244
v6.4.245
v6.4.246
v6.4.25
v6.4.26
v6.4.27
v6.4.28
v6.4.29
v6.4.30
v6.4.31
v6.4.32
v6.4.33
v6.4.34
v6.4.35
v6.4.36
v6.4.37
v6.4.38
v6.4.39
v6.4.40
v6.4.41
v6.4.42
v6.4.43
v6.4.44
v6.4.45
v6.4.49
v6.4.50
v6.4.51
v6.5.100
v6.5.101
v6.5.102
v6.5.103
v6.5.104
v6.5.105
v6.5.106
v6.5.107
v6.5.108
v6.5.109
v6.5.110
v6.5.30
v6.5.31
v6.5.32
v6.5.33
v6.5.34
v6.5.35
v6.5.36
v6.5.37
v6.5.38
v6.5.39
v6.5.40
v6.5.41
v6.5.42
v6.5.43
v6.5.44
v6.5.45
v6.5.46
v6.5.47
v6.5.48
v6.5.49
v6.5.50
v6.5.51
v6.5.52
v6.5.53
v6.5.54
v6.5.55
v6.5.56
v6.5.57
v6.5.58
v6.5.59
v6.5.60
v6.5.61
v6.5.62
v6.5.63
v6.5.64
v6.5.65
v6.5.66
v6.5.67
v6.5.68
v6.5.69
v6.5.70
v6.5.71
v6.5.72
v6.5.73
v6.5.74
v6.5.75
v6.5.76
v6.5.77
v6.5.78
v6.5.79
v6.5.80
v6.5.81
v6.5.82
v6.5.83
v6.5.84
v6.5.85
v6.5.86
v6.5.88
v6.5.89
v6.5.90
v6.5.91
v6.5.92
v6.5.93
v6.5.94
v6.5.95
v6.5.96
v6.5.97
v6.5.98
v6.5.99
v6.6.100
v6.6.101
v6.6.102
v6.6.103
v6.6.104
v6.6.105
v6.6.106
v6.6.107
v6.6.108
v6.6.109
v6.6.110
v6.6.111
v6.6.112
v6.6.113
v6.6.114
v6.6.115
v6.6.116
v6.6.117
v6.6.118
v6.6.119
v6.6.120
v6.6.121
v6.6.122
v6.6.123
v6.6.124
v6.6.125
v6.6.126
v6.6.127
v6.6.128
v6.6.129
v6.6.130
v6.6.131
v6.6.132
v6.6.133
v6.6.134
v6.6.135
v6.6.136
v6.6.137
v6.6.138
v6.6.139
v6.6.140
v6.6.141
v6.6.142
v6.6.143
v6.6.144
v6.6.145
v6.6.146
v6.6.147
v6.6.148
v6.6.149
v6.6.150
v6.6.151
v6.6.152
v6.6.153
v6.6.154
v6.6.155
v6.6.156
v6.6.157
v6.6.158
v6.6.159
v6.6.160
v6.6.161
v6.6.162
v6.6.163
v6.6.164
v6.6.165
v6.6.166
v6.6.167
v6.6.168
v6.6.169
v6.6.170
v6.6.171
v6.6.172
v6.6.173
v6.6.174
v6.6.175
v6.6.176
v6.6.177
v6.6.178
v6.6.179
v6.6.180
v6.6.181
v6.6.182
v6.6.183
v6.6.184
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99
v6.7.0
v6.7.1
v6.7.10
v6.7.11
v6.7.12
v6.7.13
v6.7.14
v6.7.15
v6.7.16
v6.7.17
v6.7.18
v6.7.19
v6.7.2
v6.7.20
v6.7.22
v6.7.23
v6.7.24
v6.7.25
v6.7.26
v6.7.27
v6.7.28
v6.7.29
v6.7.3
v6.7.30
v6.7.31
v6.7.32
v6.7.33
v6.7.34
v6.7.35
v6.7.36
v6.7.37
v6.7.38
v6.7.39
v6.7.40
v6.7.41
v6.7.42
v6.7.43
v6.7.44
v6.7.45
v6.7.46
v6.7.47
v6.7.48
v6.7.49
v6.7.5
v6.7.50
v6.7.51
v6.7.52
v6.7.53
v6.7.54
v6.7.55
v6.7.56
v6.7.57
v6.7.58
v6.7.59
v6.7.6
v6.7.60
v6.7.61
v6.7.62
v6.7.63
v6.7.64
v6.7.65
v6.7.66
v6.7.67
v6.7.68
v6.7.69
v6.7.7
v6.7.70
v6.7.71
v6.7.72
v6.7.73
v6.7.74
v6.7.75
v6.7.76
v6.7.77
v6.7.78
v6.7.79
v6.7.8
v6.7.80
v6.7.81
v6.7.82
v6.7.83
v6.7.84
v6.7.9
v6.8.1
v6.8.10
v6.8.100
v6.8.101
v6.8.102
v6.8.103
v6.8.104
v6.8.105
v6.8.106
v6.8.107
v6.8.108
v6.8.109
v6.8.11
v6.8.110
v6.8.111
v6.8.112
v6.8.113
v6.8.114
v6.8.115
v6.8.116
v6.8.117
v6.8.118
v6.8.119
v6.8.12
v6.8.120
v6.8.121
v6.8.122
v6.8.123
v6.8.124
v6.8.125
v6.8.126
v6.8.127
v6.8.128
v6.8.129
v6.8.13
v6.8.130
v6.8.131
v6.8.132
v6.8.133
v6.8.134
v6.8.135
v6.8.136
v6.8.137
v6.8.138
v6.8.139
v6.8.14
v6.8.140
v6.8.141
v6.8.142
v6.8.143
v6.8.144
v6.8.145
v6.8.146
v6.8.147
v6.8.148
v6.8.149
v6.8.15
v6.8.150
v6.8.151
v6.8.152
v6.8.16
v6.8.17
v6.8.18
v6.8.19
v6.8.20
v6.8.21
v6.8.22
v6.8.23
v6.8.24
v6.8.25
v6.8.26
v6.8.27
v6.8.28
v6.8.29
v6.8.3
v6.8.30
v6.8.31
v6.8.32
v6.8.33
v6.8.34
v6.8.35
v6.8.36
v6.8.37
v6.8.38
v6.8.39
v6.8.4
v6.8.40
v6.8.41
v6.8.42
v6.8.43
v6.8.44
v6.8.45
v6.8.46
v6.8.47
v6.8.48
v6.8.49
v6.8.5
v6.8.50
v6.8.52
v6.8.53
v6.8.54
v6.8.55
v6.8.56
v6.8.57
v6.8.58
v6.8.59
v6.8.6
v6.8.60
v6.8.61
v6.8.62
v6.8.63
v6.8.64
v6.8.65
v6.8.66
v6.8.67
v6.8.68
v6.8.69
v6.8.7
v6.8.70
v6.8.71
v6.8.72
v6.8.73
v6.8.74
v6.8.75
v6.8.76
v6.8.77
v6.8.78
v6.8.79
v6.8.8
v6.8.80
v6.8.81
v6.8.82
v6.8.83
v6.8.84
v6.8.85
v6.8.86
v6.8.87
v6.8.88
v6.8.89
v6.8.9
v6.8.90
v6.8.91
v6.8.92
v6.8.93
v6.8.94
v6.8.95
v6.8.96
v6.8.97
v6.8.98
v6.8.99

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27832.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "25.0.0"
            },
            {
                "fixed": "25.0.87"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "26.0.0"
            },
            {
                "fixed": "26.0.8"
            }
        ]
    }
]