CVE-2026-45062
- EPSS 0.57%
- Veröffentlicht 10.06.2026 17:38:42
- Zuletzt bearbeitet 11.06.2026 14:16:28
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct f...
CVE-2026-24895
- EPSS 0.58%
- Veröffentlicht 12.02.2026 19:16:06
- Zuletzt bearbeitet 20.02.2026 18:30:00
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index (for finding .php) on a lowercased copy of the ...
CVE-2026-24894
- EPSS 0.36%
- Veröffentlicht 12.02.2026 19:12:04
- Zuletzt bearbeitet 20.02.2026 18:31:06
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the...