CVE-2026-10273

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It is recommended to apply a patch to fix this issue.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-77

Source

NVD

Product

php-censor

External References

https://github.com/php-censor/php-censor/
https://github.com/php-censor/php-censor/commit/cd68d102601320bd319d590b75f7652e66f0685f
https://github.com/php-censor/php-censor/issues/442
https://github.com/php-censor/php-censor/pull/441
https://vuldb.com/cve/CVE-2026-10273
https://vuldb.com/submit/825315
https://vuldb.com/vuln/367552
https://vuldb.com/vuln/367552/cti

CVE-2026-10273

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment