CVE-2026-27760

Exploit

EPSS 22.19%
Veröffentlicht 28.04.2026 13:43:24
Zuletzt bearbeitet 28.04.2026 20:18:13
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

OpenCATS PHP Code Injection via installer AJAX endpoint

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that persists and executes on every subsequent page load when the installation wizard remains incomplete.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstelleropencats

≫

Produkt OpenCATS

Default Statusunaffected

Version <= 0.9.7.4

Version 0

Status affected

Version 3002a29f4c3cada1aa2c4f3d4ae4e189906606b6

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.19%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	9.2	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://chocapikk.com/posts/2026/opencats-installer-rce/

https://github.com/opencats/OpenCATS/pull/706

https://github.com/opencats/OpenCATS/commit/3002a29f4c3cada1aa2c4f3d4ae4e189906606b6

https://github.com/opencats/OpenCATS/blob/46e4727/lib/CATSUtility.php#L142-L172

https://github.com/opencats/OpenCATS/blob/46e4727/modules/install/ajax/ui.php#L130

https://www.vulncheck.com/advisories/opencats-php-code-injection-via-installer-ajax-endpoint

https://nvd.nist.gov/vuln/detail/CVE-2026-27760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27760

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27760