RCE in Efwgrp Efw4.x

CVE-2026-44258

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_past…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (19.5th percentile) — read the EPSS interpretation.