Perceptive Security
SOC/SIEM Consultancy
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint…
Published:
31 May 2026 at 22:00:00
Alert date:
1 June 2026 at 18:04:01
Source:
nvd.nist.gov
Web Technologies
A critical vulnerability has been discovered in php-censor versions up to 2.1.6. The vulnerability affects the GitBuild.php file in the Webhook Endpoint component, where manipulation of the commitId argument leads to OS command injection. This vulnerability can be exploited remotely and the exploit code has been made publicly available. The vulnerability exists in an unknown function of the src/Model/Build/GitBuild.php file. A patch has been released with commit hash cd68d102601320bd319d590b75f7652e66f0685f and immediate application is recommended to prevent potential exploitation.
Technical details
Mitigation steps:
Affected products:
php-censor
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-10273
https://github.com/php-censor/php-censor/
https://github.com/php-censor/php-censor/commit/cd68d102601320bd319d590b75f7652e66f0685f
https://github.com/php-censor/php-censor/issues/442
https://github.com/php-censor/php-censor/pull/441
https://vuldb.com/cve/CVE-2026-10273
https://vuldb.com/submit/825315
https://vuldb.com/vuln/367552
https://vuldb.com/vuln/367552/cti
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.