SQL Injection in Intermesh Groupoffice

CVE-2026-27832

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator…

Vulnerability class: SQL Injection

EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.

Affected products

Intermesh Groupoffice — versions < 6.8.153, >= 25.0.0, < 25.0.87, >= 26.0.0, < 26.0.8

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/Intermesh/groupoffice/security/advisories/GHSA-vfgv-8w8v-qpxr (x_refsource_CONFIRM)