Main Vulnerability Database Exploits ID:12715 - Exploit for Exposed dangerous method or function in Email Security Gateway (ESG) - CVE-2023-7102

ID:12715 - Exploit for Exposed dangerous method or function in Email Security Gateway (ESG) - CVE-2023-7102

Published: May 19, 2026

Vulnerability identifier: #VU84794

Vulnerability risk: Critical

CVE-ID: CVE-2023-7102

CWE-ID: CWE-749

Exploitation vector: Remote access

Vulnerable software:
Email Security Gateway (ESG)

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/smtp/barracuda_esg_spreadsheet_rce

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation within the third-party Perl library Spreadsheet::ParseExcel used to parse Excel files. A remote attacker can send a specially crafted email with a malicious file inside and execute arbitrary code on the device.

Note, the vulnerability is being actively exploited in the wild.

Remediation

On December 22, 2023, Barracuda deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants.

ID:12715 - Exploit for Exposed dangerous method or function in Email Security Gateway (ESG) - CVE-2023-7102

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human