Product
An authenticated EGroupware administrator can achieve OS-level Remote Code Execution (RCE) by uploading a malicious eTemplate XML file (`.xet`) containing unescaped backtick characters that lead to shell command execution within a PHP `eval()` call during template processing (CVE-2026-40187), impacting non-Docker or non-hardened EGroupware deployments.