CVE Catalog

CVE-2026-39471

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

35th percentile - higher than 35% of all known CVEs

Summary

Versions of ShortPixel Image Optimizer up to 6.4.3 are vulnerable to PHP Object Injection attacks, potentially leading to unauthorized system access.

Risk Assessment

An attacker could exploit this vulnerability to inject malicious code, posing a serious threat to application security and user data.

Recommendation

It is recommended to update ShortPixel Image Optimizer to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS