A vulnerability was found in efwGrp efw4.X up to 4.08.9 . It has been rated as critical . Affected by this issue is the function elfinder_checkRisk . The manipulation leads to os command injection. This vulnerability is traded as CVE-2026-44258 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.