CVE-2026-27832 | Intermesh groupoffice up to 6.8.152/25.0.86/26.0.7 Endpoint emailSelection advancedQueryData sql injection (GHSA-vfgv-8w8v-qpxr)

A vulnerability described as critical has been identified in Intermesh groupoffice up to 6.8.152/25.0.86/26.0.7. This impacts an unknown function of the file index.php?r=email/template/emailSelection of the component Endpoint. The manipulation of the argument advancedQueryData results in sql injection.

This vulnerability is reported as CVE-2026-27832. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More