CVE-2026-10273

medium

Description

A vulnerability was found in php-censor up to 2.1.6. It affects an unknown function of the file src/Model/Build/GitBuild.php in the Webhook Endpoint component. Manipulating the argument commitId results in OS command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. Applying the patch is recommended to fix this issue.

References

https://vuldb.com/vuln/367552/cti

https://vuldb.com/vuln/367552

https://vuldb.com/submit/825315

https://vuldb.com/cve/CVE-2026-10273

https://github.com/php-censor/php-censor/pull/441

https://github.com/php-censor/php-censor/issues/442

https://github.com/php-censor/php-censor/commit/cd68d102601320bd319d590b75f7652e66f0685f

https://github.com/php-censor/php-censor/

Details

Source: Mitre, NVD

Published: 2026-06-01

Updated: 2026-06-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.0102