Authorization Bypass Through User-Controlled Key Affecting egroupware/egroupware package, versions <23.1.20260224>=26.0.20251208, <26.2.20260224


Severity

Recommended
0.0
critical
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Authorization Bypass Through User-Controlled Key vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PHP-EGROUPWAREEGROUPWARE-17878653
  • published7 Jul 2026
  • disclosed7 Jul 2026
  • creditUnknown

Introduced: 7 Jul 2026

NewCVE-2026-27823  (opens in a new tab)
CWE-22  (opens in a new tab)
CWE-639  (opens in a new tab)
CWE-94  (opens in a new tab)

How to fix?

Upgrade egroupware/egroupware to version 23.1.20260224, 26.2.20260224 or higher.

Overview

egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office.

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper authorization checks in the ajax_upload function and insufficient validation of user-controlled input. An attacker can execute arbitrary code on the server by bypassing access controls, uploading malicious files to sensitive locations, and leveraging arbitrary file read and write capabilities to inject code into critical configuration files. This can lead to full system compromise, including modification of administrative credentials and persistent access. This is only exploitable if user self-registration is enabled or the attacker has valid credentials.

References

CVSS Base Scores

version 4.0
version 3.1