A vulnerability identified as critical has been detected in php-censor up to 2.1.6 . This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint . Performing a manipulation of the argument commitId results in os command injection. This vulnerability is identified as CVE-2026-10273 . The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to apply a patch to fix this issue.