CVE-2026-27891: CWE-20: Improper Input Validation in NeoRazorX facturascripts
FacturaScripts versions 2026 and below contain a critical vulnerability in the Plugins::add() function that allows a Zip Slip attack via improper input validation of file paths in uploaded ZIP archives. This flaw enables an attacker with high privileges to write arbitrary files outside the intended plugin directory, potentially leading to remote code execution by overwriting sensitive PHP files. The vulnerability arises because the system only checks for a single root folder in the ZIP but does not sanitize path traversal sequences within file names. This issue is fixed in version 2026. 1.
AI Analysis
Technical Summary
FacturaScripts, an open source accounting and invoicing software by NeoRazorX, has a vulnerability (CVE-2026-27891) in the Plugins::add() function where improper input validation of ZIP archive file paths allows a Zip Slip attack. The testZipFile function validates that the ZIP contains only one root folder but fails to sanitize individual file paths, allowing path traversal sequences (e.g., ../../) to escape the intended directory. An attacker can craft a ZIP file with a file named ValidPluginName/../../shell.php, bypassing the root folder check but causing the file to be extracted outside the plugin directory. This leads to arbitrary file write and remote code execution by overwriting PHP files. The vulnerability affects versions prior to 2026.1 and has a CVSS 3.1 score of 7.2 (high severity).
Potential Impact
Successful exploitation allows an attacker with high privileges to perform arbitrary file writes outside the designated plugins directory, potentially overwriting critical PHP files. This can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. The vulnerability is rated high severity with a CVSS score of 7.2.
Mitigation Recommendations
This vulnerability is fixed in FacturaScripts version 2026.1. Users should upgrade to version 2026.1 or later to remediate this issue. No official patch or temporary fix is indicated other than upgrading. Since this is not a cloud service, remediation depends on applying the vendor's fixed version.
CVE-2026-27891: CWE-20: Improper Input Validation in NeoRazorX facturascripts
Description
FacturaScripts versions 2026 and below contain a critical vulnerability in the Plugins::add() function that allows a Zip Slip attack via improper input validation of file paths in uploaded ZIP archives. This flaw enables an attacker with high privileges to write arbitrary files outside the intended plugin directory, potentially leading to remote code execution by overwriting sensitive PHP files. The vulnerability arises because the system only checks for a single root folder in the ZIP but does not sanitize path traversal sequences within file names. This issue is fixed in version 2026. 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
FacturaScripts, an open source accounting and invoicing software by NeoRazorX, has a vulnerability (CVE-2026-27891) in the Plugins::add() function where improper input validation of ZIP archive file paths allows a Zip Slip attack. The testZipFile function validates that the ZIP contains only one root folder but fails to sanitize individual file paths, allowing path traversal sequences (e.g., ../../) to escape the intended directory. An attacker can craft a ZIP file with a file named ValidPluginName/../../shell.php, bypassing the root folder check but causing the file to be extracted outside the plugin directory. This leads to arbitrary file write and remote code execution by overwriting PHP files. The vulnerability affects versions prior to 2026.1 and has a CVSS 3.1 score of 7.2 (high severity).
Potential Impact
Successful exploitation allows an attacker with high privileges to perform arbitrary file writes outside the designated plugins directory, potentially overwriting critical PHP files. This can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. The vulnerability is rated high severity with a CVSS score of 7.2.
Mitigation Recommendations
This vulnerability is fixed in FacturaScripts version 2026.1. Users should upgrade to version 2026.1 or later to remediate this issue. No official patch or temporary fix is indicated other than upgrading. Since this is not a cloud service, remediation depends on applying the vendor's fixed version.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-02-24T15:19:29.717Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0b89ebec166c07b0006fbe
Added to database: 5/18/2026, 9:51:39 PM
Last enriched: 5/18/2026, 10:06:36 PM
Last updated: 5/18/2026, 11:09:44 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.