## https://sploitus.com/exploit?id=C39AE5F1-3CBE-5826-82A8-96B23C291ABC
# CVE-2026-22243: EGroupware has SQL Injection in Nextmatch Filter Processing

## Overview

| Field | Details |
|---|---|
| **CVE ID** | CVE-2026-22243 |
| **Vulnerability Type** | SQL Injection |
| **Severity** | HIGH |
| **Discovered by** | [Lukasz Rybak](https://github.com/lukasz-rybak) |

## Description

### Summary
**Critical Authenticated SQL Injection in Nextmatch Widget Filter Processing**

A SQL injection vulnerability exists in core EGroupware code, specifically in the filter processing for `Nextmatch` widgets. An authenticated attacker can inject arbitrary SQL into the `WHERE` clause of the queries the widget generates. The root cause is PHP type juggling: when the JSON request body is decoded into a PHP array, numeric strings become integers (PHP stores decimal-integer string array keys as `int`), so attacker-supplied filter entries satisfy the `is_int()` check that the application relies on to tell trusted, application-generated values apart from user input.

### Details
**Root Cause Analysis**
The vulnerability exists in how the database abstraction layer (`Api\Db`) and high-level storage classes (`Api\Storage\Base`, `infolog_so`) process the `col_filter` array used in "Nextmatch" widgets.

The application attempts to validat...
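The following PHP snippet is an added illustration of the type-juggling mechanism described in the Summary and Root Cause sections above; it is not EGroupware's code. The helper names `build_where_unsafe` and `build_where_safe`, the filter shape and the request body are assumptions modelled on the description (the real code paths are the `Api\Db`, `Api\Storage\Base` and `infolog_so` classes named above), and the injected fragment is a harmless `1=1`.

```php
<?php
// Added illustration, not EGroupware code. Names and the filter shape are assumptions.
declare(strict_types=1);

/**
 * Hypothetical stand-in for a column_data_implode-style helper.
 * Convention assumed here: string keys are column names whose values get quoted,
 * integer keys mark trusted, application-generated raw SQL fragments.
 */
function build_where_unsafe(array $filter): string
{
    $parts = [];
    foreach ($filter as $col => $val) {
        if (is_int($col)) {
            // Intended only for internal fragments: emitted verbatim, never quoted.
            $parts[] = (string) $val;
        } else {
            // addslashes() is used for brevity; real code would use the driver's quoting.
            $parts[] = $col . " = '" . addslashes((string) $val) . "'";
        }
    }
    return implode(' AND ', $parts);
}

// Constructed request body as a client could send it to a nextmatch endpoint.
$json   = '{"info_status":"open","0":"1=1"}';
$filter = json_decode($json, true);

// PHP normalises the decimal-string key "0" to int(0) when building the array,
// so is_int($col) is true for the attacker-supplied entry and it is spliced in raw.
var_dump(array_keys($filter));
echo build_where_unsafe($filter), PHP_EOL;

/**
 * Hardened variant: only keys that exactly match an allow-list of column names
 * are accepted, values are bound as parameters, and no request-supplied entry
 * is ever treated as raw SQL.
 *
 * @return array{0: string, 1: array} SQL fragment with placeholders, and its parameters
 */
function build_where_safe(array $filter, array $allowed_cols): array
{
    $sql    = [];
    $params = [];
    foreach ($filter as $col => $val) {
        if (!is_string($col) || !in_array($col, $allowed_cols, true)) {
            throw new InvalidArgumentException('Unexpected filter key: ' . var_export($col, true));
        }
        if ($val !== null && !is_scalar($val)) {
            throw new InvalidArgumentException("Non-scalar value for $col");
        }
        $sql[]    = "$col = ?";
        $params[] = $val;
    }
    return [implode(' AND ', $sql), $params];
}

try {
    // The int(0) key fails the is_string() test, so the request is rejected outright.
    [$where, $params] = build_where_safe($filter, ['info_status', 'info_owner']);
    echo $where, PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The check that matters in the hardened version is the key check, not the value check: quoting or escaping the value does nothing when the bug is that the key type decides whether the value is treated as SQL at all. Any layer that interprets integer keys as raw SQL must therefore never receive an array built from a decoded request body.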

## Affected Products

- **egroupware/egroupware** (versions >= 26.0.20251208, < 26.0.20260113; fixed in 26.0.20260113, and a 23.1.20260113 release is also listed in the references below)


## CWE Classification

- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')


## References

- https://github.com/EGroupware/egroupware/security/advisories/GHSA-rvxj-7f72-mhrx
- https://nvd.nist.gov/vuln/detail/CVE-2026-22243
- https://github.com/EGroupware/egroupware/releases/tag/23.1.20260113
- https://github.com/EGroupware/egroupware/releases/tag/26.0.20260113
- https://github.com/advisories/GHSA-rvxj-7f72-mhrx


## Disclaimer

This CVE was responsibly disclosed following coordinated vulnerability disclosure practices. The information provided here is for educational and defensive purposes only.