CVE-2026-10273 MEDIUM

CVE-2026-10273: php-censor Webhook Endpoint GitBuild.php os command injection

Vendor N/A

Product php-censor

Weakness CWE-78

Published June 1, 2026

Last update June 3, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It is recommended to apply a patch to fix this issue.

Key dates

Disclosure timeline

June 1, 2026 CVE published

June 3, 2026 Record updated

Identifiers

CVE CVE-2026-10273

CWE CWE-78

CVSS 6.9 / MEDIUM

Affected versions

Vendor N/A

Product php-censor

Affected 2.1.0

Vendor N/A

Product php-censor

Affected 2.1.1

Vendor N/A

Product php-censor

Affected 2.1.2

Vendor N/A

Product php-censor

Affected 2.1.3

Vendor N/A

Product php-censor

Affected 2.1.4

Vendor N/A

Product php-censor

Affected 2.1.5

Vendor N/A

Product php-censor

Affected 2.1.6