A vulnerability classified as critical has been found in apostrophecms apostrophe up to 3.6.0 . This issue affects some unknown processing. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-42853 . The attack needs to be approached locally. There is no available exploit.