CVE-2023-2868

CISA KEV

Published May 26, 2023 · Updated April 3, 2026

high

Official Description+

Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.

Affected Products

Vendor	Product
Barracuda Networks	Email Security Gateway (ESG) Appliance

Patch Status

Patch by 2023-06-16

Recommended Actions

Check if your systems use any of the affected products listed above.
Apply vendor patches immediately if available.
This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
Monitor vendor advisories for updates and additional mitigations.
Review logs for indicators of compromise related to CVE-2023-2868.