CVE-2026-34838: CWE-502: Deserialization of Untrusted Data in Intermesh groupoffice
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve Arbitrary File Write, leading directly to Remote Code Execution (RCE) on the server. This issue has been patched in versions 6.8.156, 25.0.90, and 26.0.12.
AI Analysis
Technical Summary
Group-Office, an enterprise CRM and groupware tool by Intermesh, contains a deserialization vulnerability in the AbstractSettingsCollection model before versions 6.8.156, 25.0.90, and 26.0.12. An authenticated attacker can exploit insecure deserialization by injecting a serialized FileCookieJar object into a setting string, enabling arbitrary file writes and subsequent remote code execution on the server. This vulnerability is tracked as CVE-2026-34838 with a CVSS 3.1 base score of 10.0, indicating critical severity. The issue is resolved in the mentioned patched versions.
Potential Impact
Successful exploitation allows an authenticated attacker to perform arbitrary file writes on the server, leading directly to remote code execution. This compromises the confidentiality, integrity, and availability of the affected system, potentially allowing full system takeover.
Mitigation Recommendations
This vulnerability has been officially patched in Group-Office versions 6.8.156, 25.0.90, and 26.0.12. Users should upgrade to these or later versions to remediate the issue. No additional mitigations are specified or required once patched.
CVE-2026-34838: CWE-502: Deserialization of Untrusted Data in Intermesh groupoffice
Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve Arbitrary File Write, leading directly to Remote Code Execution (RCE) on the server. This issue has been patched in versions 6.8.156, 25.0.90, and 26.0.12.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Group-Office, an enterprise CRM and groupware tool by Intermesh, contains a deserialization vulnerability in the AbstractSettingsCollection model before versions 6.8.156, 25.0.90, and 26.0.12. An authenticated attacker can exploit insecure deserialization by injecting a serialized FileCookieJar object into a setting string, enabling arbitrary file writes and subsequent remote code execution on the server. This vulnerability is tracked as CVE-2026-34838 with a CVSS 3.1 base score of 10.0, indicating critical severity. The issue is resolved in the mentioned patched versions.
Potential Impact
Successful exploitation allows an authenticated attacker to perform arbitrary file writes on the server, leading directly to remote code execution. This compromises the confidentiality, integrity, and availability of the affected system, potentially allowing full system takeover.
Mitigation Recommendations
This vulnerability has been officially patched in Group-Office versions 6.8.156, 25.0.90, and 26.0.12. Users should upgrade to these or later versions to remediate the issue. No additional mitigations are specified or required once patched.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T20:52:53.284Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cec5aae6bfc5ba1dfbd82c
Added to database: 4/2/2026, 7:38:18 PM
Last enriched: 4/9/2026, 10:49:04 PM
Last updated: 5/20/2026, 8:52:37 PM
Views: 135
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.