CVE Catalog

CVE-2026-42472

Critical
Published: Translated: NVD NIST

Summary

MixPHP Framework versions 2.x through 2.2.17 have an unsafe deserialization vulnerability. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

Risk Assessment

This vulnerability may lead to the execution of malicious code, posing a serious threat to the security of the application and user data.

Recommendation

It is recommended to update the MixPHP Framework to the latest version to mitigate this vulnerability and to avoid using unserialize() on untrusted data.

Original NVD description (English source)

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS