CVE Catalog

CVE-2026-42473

Critical
Published: Translated: NVD NIST

Summary

MixPHP Framework versions 2.x through 2.2.17 have an unsafe deserialization vulnerability. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

Risk Assessment

This vulnerability could lead to the execution of malicious code, posing a serious threat to the security of the application and user data.

Recommendation

It is recommended to update MixPHP Framework to the latest version to mitigate this vulnerability and to review and secure data stored in the filesystem.

Original NVD description (English source)

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS