Arbitrary file upload in Intermesh Groupoffice

CVE-2026-27947

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnera…

EPSS: 0.001 (31.9th percentile) — read the EPSS interpretation.