CVE Catalog
CVE-2026-42472
CriticalSummary
MixPHP Framework versions 2.x through 2.2.17 have an unsafe deserialization vulnerability. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
Risk Assessment
This vulnerability may lead to the execution of malicious code, posing a serious threat to the security of the application and user data.
Recommendation
It is recommended to update the MixPHP Framework to the latest version to mitigate this vulnerability and to avoid using unserialize() on untrusted data.
Original NVD description (English source)
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

