Vulnerability Details CVE-2026-22243
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the `WHERE` clause of database queries. This is achieved by exploiting a PHP type juggling issue where JSON decoding converts numeric strings into integers, bypassing the `is_int()` security check used by the application. Versions 23.1.20260113 and 26.0.20260113 patch the vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.1%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2026-22243
-
cpe:2.3:a:egroupware:egroupware:14.1.20140417
-
cpe:2.3:a:egroupware:egroupware:14.1.20140419
-
cpe:2.3:a:egroupware:egroupware:14.1.20140424
-
cpe:2.3:a:egroupware:egroupware:14.1.20140425
-
cpe:2.3:a:egroupware:egroupware:14.1.20140429
-
cpe:2.3:a:egroupware:egroupware:14.1.20140512
-
cpe:2.3:a:egroupware:egroupware:14.1.20140514
-
cpe:2.3:a:egroupware:egroupware:14.1.20140617
-
cpe:2.3:a:egroupware:egroupware:14.1.20140627
-
cpe:2.3:a:egroupware:egroupware:14.1.20140630
-
cpe:2.3:a:egroupware:egroupware:14.1.20140708
-
cpe:2.3:a:egroupware:egroupware:14.1.20140710
-
cpe:2.3:a:egroupware:egroupware:14.1.20140714
-
cpe:2.3:a:egroupware:egroupware:14.1.20140724
-
cpe:2.3:a:egroupware:egroupware:14.1.20140725
-
cpe:2.3:a:egroupware:egroupware:14.1.20140731
-
cpe:2.3:a:egroupware:egroupware:14.1.20140812
-
cpe:2.3:a:egroupware:egroupware:14.1.20140827
-
cpe:2.3:a:egroupware:egroupware:14.1.20140828
-
cpe:2.3:a:egroupware:egroupware:14.1.20140902
-
cpe:2.3:a:egroupware:egroupware:14.1.20140903
-
cpe:2.3:a:egroupware:egroupware:14.1.20140909
-
cpe:2.3:a:egroupware:egroupware:14.1.20140910
-
cpe:2.3:a:egroupware:egroupware:14.1.20140923
-
cpe:2.3:a:egroupware:egroupware:14.1.20141001
-
cpe:2.3:a:egroupware:egroupware:14.1.20141002
-
cpe:2.3:a:egroupware:egroupware:14.1.20141007
-
cpe:2.3:a:egroupware:egroupware:14.1.20141010
-
cpe:2.3:a:egroupware:egroupware:14.1.20141021
-
cpe:2.3:a:egroupware:egroupware:14.1.20141106
-
cpe:2.3:a:egroupware:egroupware:14.1.20141112
-
cpe:2.3:a:egroupware:egroupware:14.1.20141113
-
cpe:2.3:a:egroupware:egroupware:14.1.20141205
-
cpe:2.3:a:egroupware:egroupware:14.1.20141219
-
cpe:2.3:a:egroupware:egroupware:14.1.20150113
-
cpe:2.3:a:egroupware:egroupware:14.1.20150121
-
cpe:2.3:a:egroupware:egroupware:14.1.20150210
-
cpe:2.3:a:egroupware:egroupware:14.2.20141209
-
cpe:2.3:a:egroupware:egroupware:14.2.20141210
-
cpe:2.3:a:egroupware:egroupware:14.2.20141211
-
cpe:2.3:a:egroupware:egroupware:14.2.20141219
-
cpe:2.3:a:egroupware:egroupware:14.2.20150113
-
cpe:2.3:a:egroupware:egroupware:14.2.20150121
-
cpe:2.3:a:egroupware:egroupware:14.2.20150206
-
cpe:2.3:a:egroupware:egroupware:14.2.20150210
-
cpe:2.3:a:egroupware:egroupware:14.2.20150212
-
cpe:2.3:a:egroupware:egroupware:14.2.20150218
-
cpe:2.3:a:egroupware:egroupware:14.2.20150310
-
cpe:2.3:a:egroupware:egroupware:14.2.20150402
-
cpe:2.3:a:egroupware:egroupware:14.2.20150421
-
cpe:2.3:a:egroupware:egroupware:14.2.20150428
-
cpe:2.3:a:egroupware:egroupware:14.2.20150429
-
cpe:2.3:a:egroupware:egroupware:14.2.20150501
-
cpe:2.3:a:egroupware:egroupware:14.2.20150603
-
cpe:2.3:a:egroupware:egroupware:14.2.20150707
-
cpe:2.3:a:egroupware:egroupware:14.2.20150717
-
cpe:2.3:a:egroupware:egroupware:14.3.20150728
-
cpe:2.3:a:egroupware:egroupware:14.3.20150729
-
cpe:2.3:a:egroupware:egroupware:14.3.20150811
-
cpe:2.3:a:egroupware:egroupware:14.3.20150821
-
cpe:2.3:a:egroupware:egroupware:14.3.20150826
-
cpe:2.3:a:egroupware:egroupware:14.3.20150908
-
cpe:2.3:a:egroupware:egroupware:14.3.20151012
-
cpe:2.3:a:egroupware:egroupware:14.3.20151027
-
cpe:2.3:a:egroupware:egroupware:14.3.20151028
-
cpe:2.3:a:egroupware:egroupware:14.3.20151029
-
cpe:2.3:a:egroupware:egroupware:14.3.20151030
-
cpe:2.3:a:egroupware:egroupware:14.3.20151110
-
cpe:2.3:a:egroupware:egroupware:14.3.20151130
-
cpe:2.3:a:egroupware:egroupware:14.3.20151201
-
cpe:2.3:a:egroupware:egroupware:14.3.20160112
-
cpe:2.3:a:egroupware:egroupware:14.3.20160113
-
cpe:2.3:a:egroupware:egroupware:14.3.20160304
-
cpe:2.3:a:egroupware:egroupware:14.3.20160428
-
cpe:2.3:a:egroupware:egroupware:14.3.20160512
-
cpe:2.3:a:egroupware:egroupware:14.3.20160522
-
cpe:2.3:a:egroupware:egroupware:14.3.20160524
-
cpe:2.3:a:egroupware:egroupware:14.3.20160525
-
cpe:2.3:a:egroupware:egroupware:14.3.20160708
-
cpe:2.3:a:egroupware:egroupware:16.1.20160603
-
cpe:2.3:a:egroupware:egroupware:16.1.20160621
-
cpe:2.3:a:egroupware:egroupware:16.1.20160627
-
cpe:2.3:a:egroupware:egroupware:16.1.20160630
-
cpe:2.3:a:egroupware:egroupware:16.1.20160708
-
cpe:2.3:a:egroupware:egroupware:16.1.20160715
-
cpe:2.3:a:egroupware:egroupware:16.1.20160801
-
cpe:2.3:a:egroupware:egroupware:16.1.20160810
-
cpe:2.3:a:egroupware:egroupware:16.1.20160905
-
cpe:2.3:a:egroupware:egroupware:16.1.20161006
-
cpe:2.3:a:egroupware:egroupware:16.1.20161102
-
cpe:2.3:a:egroupware:egroupware:16.1.20161107
-
cpe:2.3:a:egroupware:egroupware:16.1.20161208
-
cpe:2.3:a:egroupware:egroupware:16.1.20170118
-
cpe:2.3:a:egroupware:egroupware:16.1.20170203
-
cpe:2.3:a:egroupware:egroupware:16.1.20170315
-
cpe:2.3:a:egroupware:egroupware:16.1.20170415
-
cpe:2.3:a:egroupware:egroupware:16.1.20170612
-
cpe:2.3:a:egroupware:egroupware:16.1.20170613
-
cpe:2.3:a:egroupware:egroupware:16.1.20170703
-
cpe:2.3:a:egroupware:egroupware:16.1.20170922
-
cpe:2.3:a:egroupware:egroupware:16.1.20171106
-
cpe:2.3:a:egroupware:egroupware:16.1.20180116
-
cpe:2.3:a:egroupware:egroupware:16.1.20180130
-
cpe:2.3:a:egroupware:egroupware:17.1.20171023
-
cpe:2.3:a:egroupware:egroupware:17.1.20171106
-
cpe:2.3:a:egroupware:egroupware:17.1.20171115
-
cpe:2.3:a:egroupware:egroupware:17.1.20171129
-
cpe:2.3:a:egroupware:egroupware:17.1.20171130
-
cpe:2.3:a:egroupware:egroupware:17.1.20171218
-
cpe:2.3:a:egroupware:egroupware:17.1.20180118
-
cpe:2.3:a:egroupware:egroupware:17.1.20180130
-
cpe:2.3:a:egroupware:egroupware:17.1.20180209
-
cpe:2.3:a:egroupware:egroupware:17.1.20180321
-
cpe:2.3:a:egroupware:egroupware:17.1.20180413
-
cpe:2.3:a:egroupware:egroupware:17.1.20180523
-
cpe:2.3:a:egroupware:egroupware:17.1.20180625
-
cpe:2.3:a:egroupware:egroupware:17.1.20180720
-
cpe:2.3:a:egroupware:egroupware:17.1.20180831
-
cpe:2.3:a:egroupware:egroupware:17.1.20181018
-
cpe:2.3:a:egroupware:egroupware:17.1.20181204
-
cpe:2.3:a:egroupware:egroupware:17.1.20181205
-
cpe:2.3:a:egroupware:egroupware:17.1.20190111
-
cpe:2.3:a:egroupware:egroupware:17.1.20190214
-
cpe:2.3:a:egroupware:egroupware:17.1.20190222
-
cpe:2.3:a:egroupware:egroupware:17.1.20190402
-
cpe:2.3:a:egroupware:egroupware:17.1.20190529
-
cpe:2.3:a:egroupware:egroupware:17.1.20190808
-
cpe:2.3:a:egroupware:egroupware:19.1.20190716
-
cpe:2.3:a:egroupware:egroupware:19.1.20190717
-
cpe:2.3:a:egroupware:egroupware:19.1.20190726
-
cpe:2.3:a:egroupware:egroupware:19.1.20190806
-
cpe:2.3:a:egroupware:egroupware:19.1.20190813
-
cpe:2.3:a:egroupware:egroupware:19.1.20190822
-
cpe:2.3:a:egroupware:egroupware:19.1.20190917
-
cpe:2.3:a:egroupware:egroupware:19.1.20190925
-
cpe:2.3:a:egroupware:egroupware:19.1.20191031
-
cpe:2.3:a:egroupware:egroupware:19.1.20191119
-
cpe:2.3:a:egroupware:egroupware:19.1.20191220
-
cpe:2.3:a:egroupware:egroupware:19.1.20200130
-
cpe:2.3:a:egroupware:egroupware:19.1.20200318
-
cpe:2.3:a:egroupware:egroupware:19.1.20200409
-
cpe:2.3:a:egroupware:egroupware:19.1.20200430
-
cpe:2.3:a:egroupware:egroupware:20.1.20200525
-
cpe:2.3:a:egroupware:egroupware:21.1.20210318
-
cpe:2.3:a:egroupware:egroupware:21.1.20210329
-
cpe:2.3:a:egroupware:egroupware:21.1.20210406
-
cpe:2.3:a:egroupware:egroupware:21.1.20210420
-
cpe:2.3:a:egroupware:egroupware:21.1.20210504
-
cpe:2.3:a:egroupware:egroupware:21.1.20210521
-
cpe:2.3:a:egroupware:egroupware:21.1.20210629
-
cpe:2.3:a:egroupware:egroupware:21.1.20210723
-
cpe:2.3:a:egroupware:egroupware:21.1.20210923
-
cpe:2.3:a:egroupware:egroupware:21.1.20211130
-
cpe:2.3:a:egroupware:egroupware:21.1.20220207
-
cpe:2.3:a:egroupware:egroupware:21.1.20220406
-
cpe:2.3:a:egroupware:egroupware:21.1.20220408
-
cpe:2.3:a:egroupware:egroupware:21.1.20220905
-
cpe:2.3:a:egroupware:egroupware:21.1.20220916
-
cpe:2.3:a:egroupware:egroupware:21.1.20221202
-
cpe:2.3:a:egroupware:egroupware:21.1.20230210
-
cpe:2.3:a:egroupware:egroupware:22.1.20220920
-
cpe:2.3:a:egroupware:egroupware:23.1.20230110
-
cpe:2.3:a:egroupware:egroupware:23.1.20230114
-
cpe:2.3:a:egroupware:egroupware:23.1.20230125
-
cpe:2.3:a:egroupware:egroupware:23.1.20230210
-
cpe:2.3:a:egroupware:egroupware:23.1.20230228
-
cpe:2.3:a:egroupware:egroupware:23.1.20230314
-
cpe:2.3:a:egroupware:egroupware:23.1.20230328
-
cpe:2.3:a:egroupware:egroupware:23.1.20230412
-
cpe:2.3:a:egroupware:egroupware:23.1.20230428
-
cpe:2.3:a:egroupware:egroupware:23.1.20230503
-
cpe:2.3:a:egroupware:egroupware:23.1.20230524
-
cpe:2.3:a:egroupware:egroupware:23.1.20230620
-
cpe:2.3:a:egroupware:egroupware:23.1.20230726
-
cpe:2.3:a:egroupware:egroupware:23.1.20230728
-
cpe:2.3:a:egroupware:egroupware:23.1.20230824
-
cpe:2.3:a:egroupware:egroupware:23.1.20230911
-
cpe:2.3:a:egroupware:egroupware:23.1.20231110
-
cpe:2.3:a:egroupware:egroupware:23.1.20231113
-
cpe:2.3:a:egroupware:egroupware:23.1.20231122
-
cpe:2.3:a:egroupware:egroupware:23.1.20231129
-
cpe:2.3:a:egroupware:egroupware:23.1.20231201
-
cpe:2.3:a:egroupware:egroupware:23.1.20231219
-
cpe:2.3:a:egroupware:egroupware:23.1.20231220
-
cpe:2.3:a:egroupware:egroupware:23.1.20240125
-
cpe:2.3:a:egroupware:egroupware:23.1.20240304
-
cpe:2.3:a:egroupware:egroupware:23.1.20240430
-
cpe:2.3:a:egroupware:egroupware:23.1.20240624
-
cpe:2.3:a:egroupware:egroupware:23.1.20240905
-
cpe:2.3:a:egroupware:egroupware:23.1.20240930
-
cpe:2.3:a:egroupware:egroupware:23.1.20241008
-
cpe:2.3:a:egroupware:egroupware:23.1.20241111
-
cpe:2.3:a:egroupware:egroupware:23.1.20241128
-
cpe:2.3:a:egroupware:egroupware:23.1.20241214
-
cpe:2.3:a:egroupware:egroupware:23.1.20250113
-
cpe:2.3:a:egroupware:egroupware:23.1.20250307
-
cpe:2.3:a:egroupware:egroupware:23.1.20250416
-
cpe:2.3:a:egroupware:egroupware:23.1.20250506
-
cpe:2.3:a:egroupware:egroupware:23.1.20250715
-
cpe:2.3:a:egroupware:egroupware:23.1.20250902
-
cpe:2.3:a:egroupware:egroupware:23.1.20251021
-
cpe:2.3:a:egroupware:egroupware:23.1.20251119
-
cpe:2.3:a:egroupware:egroupware:23.1.20251222
-
cpe:2.3:a:egroupware:egroupware:23.1.20260108
-
cpe:2.3:a:egroupware:egroupware:26.0.20251208
-
cpe:2.3:a:egroupware:egroupware:26.0.20251216
-
cpe:2.3:a:egroupware:egroupware:26.0.20260108