What is CVE-2026-41951?

CVE-2026-41951 is a high-severity vulnerability in Growi, Inc. Growi, classified under Path Traversal. CVSS score: 7.2/10. Published 2026-05-11.

How severe is CVE-2026-41951?

High severity. CVSS v3 base score is 7.2 out of 10.

Path Traversal in Growi, Inc. Growi

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (19.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Growi, Inc. Growi — versions v7.5.0 and earlier

Weakness classification (CWE)

CWE-22 — Path Traversal

References

vultures@jpcert.or.jp
vultures@jpcert.or.jp

Frequently asked questions

What is CVE-2026-41951?: CVE-2026-41951 is a high-severity vulnerability in Growi, Inc. Growi, classified under Path Traversal. CVSS score: 7.2/10. Published 2026-05-11.
How severe is CVE-2026-41951?: High severity. CVSS v3 base score is 7.2 out of 10.