23 May 2026
Reference: CVE-2023-7102
1. What is being reported?
The vulnerability involves a problem in a third-party software component used by Barracuda ESG appliances. This flaw, known as CVE-2023-7102, allows attackers to inject harmful commands remotely, potentially bypassing security checks and gaining control over the device.
2. What this means in plain English
If your organisation uses a vulnerable Barracuda ESG appliance, attackers could exploit this flaw to access your email security system, possibly intercepting or altering emails, or using the device to launch further attacks. This risk could lead to loss of sensitive information or operational disruption.
3. Could this affect a small business?
Small businesses or charities using Barracuda ESG appliances with versions between 5.1.3.001 and 9.2.1.001 could be affected. If you do not use Barracuda ESG appliances, or your device has been updated to remove the vulnerable component, you are likely not at risk.
4. What to do now
- Check if your organisation uses a Barracuda ESG appliance and identify its version.
- Contact your IT provider or Barracuda support to confirm if your device is affected by CVE-2023-7102.
- Apply any available updates or patches from Barracuda that remove the vulnerable logic.
- Monitor your email security systems for unusual activity and review access logs regularly.
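For an IT provider working through the first two steps, the following added example (not Barracuda's or this advisory's own code) sorts a device list against the version range given above. The device names and sample versions are constructed, and treating both ends of the range as affected is an assumption.

```python
import re

# Affected range as stated in this advisory. Treating both ends as
# inclusive is an assumption of this example.
AFFECTED_MIN = (5, 1, 3, 1)   # 5.1.3.001
AFFECTED_MAX = (9, 2, 1, 1)   # 9.2.1.001

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$", re.IGNORECASE)

def parse_version(text):
    """Return the firmware version as a 4-tuple of ints, or None if unreadable."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def triage(version_text):
    """Classify one version string against the advisory's range."""
    version = parse_version(version_text)
    if version is None:
        return "UNKNOWN"        # cannot tell: check the appliance by hand
    # Compare numerically, field by field. Comparing the raw strings
    # would wrongly sort "9.10.0.003" below "9.2.1.001".
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "IN_RANGE"       # confirm with Barracuda support that the fix is applied
    return "OUT_OF_RANGE"

def triage_inventory(rows):
    """rows: iterable of (device_name, version_text) pairs."""
    return {name: triage(version) for name, version in rows}

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = [
    ("esg-hq", "9.2.1.001"),
    ("esg-branch", "5.1.3.001"),
    ("esg-old", "5.1.2.999"),
    ("esg-new", "9.2.1.002"),
    ("esg-lab", "9.10.0.003"),
    ("esg-unknown", "n/a"),
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE).items():
        print(f"{name:12} {status}")
```

An IN_RANGE result means the device needs the confirmation described in the steps above, not that it is definitely unpatched.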
5. Ask your IT provider
Can you confirm if our Barracuda ESG appliance is affected by the CVE-2023-7102 vulnerability, and have the necessary updates been applied to protect us?
6. Bottom line
If you use Barracuda ESG appliances, act quickly to ensure they are updated and secure against this critical vulnerability.
Information based on CISA KEV, NVD, and reputable security reporting.