CVE Catalog

CVE-2026-40756

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Summary

Zoya versions up to 1.4 contain a vulnerability to unauthenticated PHP object injection, which may lead to unauthorized access to the system.

Risk Assessment

Organizations using vulnerable versions of Zoya may be exposed to attacks that could lead to takeover of the application.

Recommendation

It is recommended to upgrade to the latest version of Zoya to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS