CVE-2026-27760
OpenCATS PHP Code Injection via installer AJAX endpoint
| CVSS Score | 8.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that persists and executes on every subsequent page load when the installation wizard remains incomplete.
| CWE | CWE-94 |
| Vendor | opencats |
| Product | opencats |
| Published | Apr 28, 2026 |
| Last Updated | Apr 28, 2026 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
opencats / OpenCATS
0 ≤ version ≤ 0.9.7.4
References
- chocapikk.com: https://chocapikk.com/posts/2026/opencats-installer-rce/
- github.com: https://github.com/opencats/OpenCATS/pull/706
- github.com: https://github.com/opencats/OpenCATS/commit/3002a29f4c3cada1aa2c4f3d4ae4e189906606b6
- github.com: https://github.com/opencats/OpenCATS/blob/46e4727/lib/CATSUtility.php#L142-L172
- github.com: https://github.com/opencats/OpenCATS/blob/46e4727/modules/install/ajax/ui.php#L130
- vulncheck.com: https://www.vulncheck.com/advisories/opencats-php-code-injection-via-installer-ajax-endpoint
Credits
Valentin Lobstein (Chocapikk), VulnCheck