HotCRP vulnerable to remote code execution through formulas_CVE-2026-23836

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2.

AI Analysis

Remote code execution vulnerability in HotCRP through inadequately sanitized code generation for formulas

Basic Information

ID CVE-2026-23836

Source GitHub_M

Published Jan 19, 2026 at 18:06

Affected Product

Vendor kohler

Product hotcrp

Version = 3.1

Affected Versions kohler hotcrp = 3.1

CWE Classification

CWE-20

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor kohler

Product HotCRP

Version 3.1

References

{
    "lastseen": "",
    "description": "HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2.",
    "published": "2026-01-19T18:06:04.928Z",
    "modified": "2026-01-19T18:06:04.928Z",
    "type": "cve",
    "title": "HotCRP vulnerable to remote code execution through formulas",
    "source": "GitHub_M",
    "references": "https://github.com/kohler/hotcrp/security/advisories/GHSA-hpqh-j6qx-x57h\nhttps://github.com/kohler/hotcrp/commit/4674fcfbb76511072a1145dad620756fc1d4b4e9\nhttps://github.com/kohler/hotcrp/commit/bfc7e0db15df6ed6d544a639020d2ce05a5f0834",
    "id": "CVE-2026-23836",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "kohler hotcrp = 3.1",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "hotcrp",
    "version": "= 3.1",
    "vendor": "kohler",
    "ai_description": "Remote code execution vulnerability in HotCRP through inadequately sanitized code generation for formulas",
    "ai_severity": "Critical",
    "ai_vendor": "kohler",
    "ai_product": "HotCRP",
    "ai_version": "3.1",
    "ai_score": 10
}