HIGH
horde
CVE published 2026-07-08
CVE-2026-60102
CVE-2026-60102 is an OS command injection vulnerability in the Horde_Vfs_Smb driver of Horde Virtual File System (VFS) API before version 3.0.1. The vulnerability occurs because the _escapeShellCommand() method fails to sanitize command substitution sequences. This allows authenticated attackers to inject arbitrary shell commands through user-controlled filenames. The commands are executed via proc_open() [truncated]