Skip to main content

GROWI EUVD-2026-29047

| CVE-2026-41951 HIGH
Path Traversal (CWE-22)
2026-05-11 jpcert GHSA-x9j3-g3hc-fc94
Path Traversal
8.6
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 11, 2026 - 10:31 vuln.today
CVSS changed
May 11, 2026 - 10:22 NVD
7.2 (HIGH) 8.6 (HIGH)
CVE Published
May 11, 2026 - 09:32 nvd
HIGH 8.6

DescriptionNVD

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.

AnalysisAI

Remote path traversal in GROWI v7.5.0 and earlier allows authenticated administrators to execute arbitrary EJS templates on the server when an email server is configured. The vulnerability enables template injection through directory traversal, potentially leading to remote code execution. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: identify all GROWI deployments running v7.5.0 or earlier with email server configuration enabled and document administrator account holders. Within 7 days: restrict administrator role to essential personnel only, enforce multi-factor authentication on all administrative accounts, and disable email server functionality if not actively required. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-29047 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy