RCE in Perforce P4 (Helix Core)

CVE-2026-6902

A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.004 (63.2th percentile) — read the EPSS interpretation.

Affected products

Perforce P4 (Helix Core) — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

security@puppet.com