What is the CVSS score of CVE-2026-41231?

CVE-2026-41231 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Froxlor are affected by CVE-2026-41231?

Froxlor versions before 2.3.6 contain a privilege escalation vulnerability that allows authenticated customers to gain unauthorized ownership of critical system directories through symlink…. A patch is available.

How to fix or mitigate CVE-2026-41231?

Within 24 hours: Identify all Froxlor instances and their current versions. Within 7 days: Upgrade all Froxlor installations to version 2.3.6 or later; verify ExportCron permissions and validate symlink protections in export paths. Within 30 days: Audit system directories modified by Froxlor processes; review customer access logs for suspicious export activities; implement file integrity monitoring on critical system directories.

Froxlor CVE-2026-41231

EUVD-2026-25182 HIGH

Improper Link Resolution Before File Access (CWE-59)

2026-04-23 GitHub_M

GHSA-75h4-c557-j89r

Authentication Bypass Froxlor

7.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.5 HIGH

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 27, 2026 - 17:01 nvd

Patch available

Re-analysis Queued

Apr 23, 2026 - 18:42 vuln.today

cvss_changed

Analysis Generated

Apr 23, 2026 - 06:48 vuln.today

Patch available

Apr 23, 2026 - 06:16 EUVD

EUVD ID Assigned

Apr 23, 2026 - 04:00 euvd

EUVD-2026-25182

Analysis Generated

Apr 23, 2026 - 04:00 vuln.today

CVE Published

Apr 23, 2026 - 03:52 nvd

HIGH 7.5

DescriptionGitHub Advisory

Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add() constructs the export destination path from user-supplied input without passing the $fixed_homedir parameter to FileDir::makeCorrectDir(), bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes chown -R on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix.

AnalysisAI

Symlink-based privilege escalation in Froxlor versions prior to 2.3.6 allows authenticated customers to gain ownership of arbitrary system directories. When the ExportCron executes as root, it performs 'chown -R' on user-controlled export paths that bypass symlink validation (introduced to fix CVE-2023-6069), enabling attackers to place symbolic links and hijack ownership of critical system files. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Authenticate as customer

Delivery

Create symlink to target directory

Exploit

Trigger export via panel

Install

Wait for ExportCron execution

chown follows symlink

Execute

Modify owned system files

Impact

Escalate to root access

Recon

Authenticate as customer

Delivery

Create symlink to target directory

Exploit

Trigger export via panel

Install

Wait for ExportCron execution

chown follows symlink

Execute

Modify owned system files

Impact

Escalate to root access

Vulnerability AssessmentAI

Exploitation	Requires authenticated customer account access to the Froxlor administration panel. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS score of 7.5 (High) reflects network attack vector with high attack complexity, requiring low privileges and no user interaction, with high impact to confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated customer with a basic hosting account on a Froxlor-managed server creates a symbolic link in their home directory pointing to /etc/shadow. They then trigger a data export operation through the Froxlor panel, specifying the symlink path as the export destination. …
Remediation	Upgrade immediately to Froxlor version 2.3.6, released with the fix documented in commit 2987b0e8806ef12b532410050ad76d13d673a87d (https://github.com/froxlor/froxlor/commit/2987b0e8806ef12b532410050ad76d13d673a87d). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Froxlor instances and their current versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-41231 vulnerability details – vuln.today

Back

Froxlor CVE-2026-41231

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code