CVE-2026-41951: Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS...
HIGH
CVSS 7.2
Exploit Available
Published: May 11, 2026 | Last Modified: May 11, 2026
Description
Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.
Ghostwire Analysis — What This Means Practically
- High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
- Exploit code is reported to be available, increasing the likelihood of active exploitation.
This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.
Security Coverage (1 articles)
References