{"id":78253,"date":"2026-05-11T13:02:21","date_gmt":"2026-05-11T09:32:21","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-41951-growi-ejs-template-injection\/"},"modified":"2026-05-11T13:02:21","modified_gmt":"2026-05-11T09:32:21","slug":"cve-2026-41951-growi-ejs-template-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-41951-growi-ejs-template-injection\/","title":{"rendered":"CVE-2026-41951 &#8211; GROWI EJS Template Injection"},"content":{"rendered":"<p>CVE ID :CVE-2026-41951<\/p>\n<p>  Published : May 11, 2026, 9:32 a.m. | 49\u00a0minutes ago<\/p>\n<p>  Description :Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.<\/p>\n<p>  Severity: 8.6 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-41951 Published : May 11, 2026, 9:32 a.m. | 49\u00a0minutes ago Description :Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI. Severity: 8.6 | HIGH Visit the link for more details, such &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-78253","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78253","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=78253"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78253\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=78253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=78253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=78253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}