CVE Catalog
CVE-2026-40756
HighCVSS 8.1Summary
Zoya versions up to 1.4 contain a vulnerability to unauthenticated PHP object injection, which may lead to unauthorized access to the system.
Risk Assessment
Organizations using vulnerable versions of Zoya may be exposed to attacks that could lead to takeover of the application.
Recommendation
It is recommended to upgrade to the latest version of Zoya to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

