CVE-2026-10273

HIGH 7.3

php-censor Webhook Endpoint GitBuild.php os command injection

CVSS Score

7.3

EPSS Score

1.0%

EPSS Percentile

78th

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It is recommended to apply a patch to fix this issue.

CWE	CWE-78 CWE-77
Vendor	n/a
Product	php-censor
Published	Jun 1, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for n/a php-censor

Be the first to know when new high vulnerabilities affecting n/a php-censor are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / php-censor

2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367552 vuldb.com: https://vuldb.com/vuln/367552/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10273 vuldb.com: https://vuldb.com/submit/825315 github.com: https://github.com/php-censor/php-censor/issues/442 github.com: https://github.com/php-censor/php-censor/pull/441 github.com: https://github.com/php-censor/php-censor/commit/cd68d102601320bd319d590b75f7652e66f0685f github.com: https://github.com/php-censor/php-censor/

Credits

🔍 anch0r (VulDB User)