CVE-2026-6902: CWE-94 Code Injection in Perforce P4 (Helix Core)
A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed in P4 Server to address potential security risks.
AI Analysis
Technical Summary
This vulnerability involves code injection in the Command-Line Client component of Perforce P4 Server (Helix Core) before version 2025.2 Patch 2. The CVSS 4.0 score of 7.7 indicates a high-severity issue with network attack vector, low attack complexity, and partial user interaction required. The vulnerability could lead to high impact on confidentiality, integrity, and availability. The vendor has addressed this vulnerability in the 2025.2 Patch 2 update.
Potential Impact
Successful exploitation of this vulnerability could allow an unauthenticated attacker, with partial user interaction, to inject and execute arbitrary code on the affected system. This can compromise the confidentiality, integrity, and availability of the P4 Server environment. However, no known exploits have been reported in the wild so far.
Mitigation Recommendations
Apply the official patch by upgrading to Perforce P4 Server version 2025.2 Patch 2 or later, where this vulnerability has been fixed. Since no vendor advisory link or explicit remediation level is provided, confirm patch availability and details from Perforce's official resources before deployment. Patch status is not yet confirmed in the provided data — check the vendor advisory for current remediation guidance.
CVE-2026-6902: CWE-94 Code Injection in Perforce P4 (Helix Core)
Description
A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed in P4 Server to address potential security risks.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves code injection in the Command-Line Client component of Perforce P4 Server (Helix Core) before version 2025.2 Patch 2. The CVSS 4.0 score of 7.7 indicates a high-severity issue with network attack vector, low attack complexity, and partial user interaction required. The vulnerability could lead to high impact on confidentiality, integrity, and availability. The vendor has addressed this vulnerability in the 2025.2 Patch 2 update.
Potential Impact
Successful exploitation of this vulnerability could allow an unauthenticated attacker, with partial user interaction, to inject and execute arbitrary code on the affected system. This can compromise the confidentiality, integrity, and availability of the P4 Server environment. However, no known exploits have been reported in the wild so far.
Mitigation Recommendations
Apply the official patch by upgrading to Perforce P4 Server version 2025.2 Patch 2 or later, where this vulnerability has been fixed. Since no vendor advisory link or explicit remediation level is provided, confirm patch availability and details from Perforce's official resources before deployment. Patch status is not yet confirmed in the provided data — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Perforce
- Date Reserved
- 2026-04-23T09:27:12.742Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0ada2eec166c07b099a575
Added to database: 5/18/2026, 9:21:50 AM
Last enriched: 5/18/2026, 9:36:41 AM
Last updated: 5/20/2026, 1:35:02 PM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.