Froxlor CVE-2026-41229

EUVD-2026-25178 | Severity: CRITICAL | Code Injection (CWE-94) | 2026-04-23 (GitHub_M) | CVSS 3.1 base score: 9.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (3 events)

Re-analysis Queued (reason: cvss_changed) - Apr 23, 2026, 13:22 - vuln.today
Analysis Generated - Apr 23, 2026, 06:44 - vuln.today
Patch available - Apr 23, 2026, 06:16 - EUVD

Description (NVD)

Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString() writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with change_serversettings permission adds or updates a MySQL server via the API, the privileged_user parameter (which has no input validation) is written unescaped into lib/userdata.inc.php. Since this file is required on every request via Database::getDB(), an attacker can inject arbitrary PHP code that executes as the web server user on every subsequent page load. Version 2.3.6 contains a patch.
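The bug class the description names, an unescaped value dropped into a single-quoted PHP literal, beside a hardened form and a round-trip check, as an added illustration that is not Froxlor's code; the function names and the sample array are constructed for this example.

```php
<?php
// Added illustration of the bug class described above; this is NOT Froxlor's
// code. Function names and the sample array are constructed for the example.

// Unsafe: the value is dropped into a single-quoted PHP literal verbatim.
// A single quote inside the value terminates the literal early, so whatever
// follows it is parsed as PHP code rather than stored as data.
function unsafeArrayToPhp(array $data): string
{
    $out = "<?php\n\$sql = array(\n";
    foreach ($data as $key => $value) {
        $out .= "\t'" . $key . "' => '" . $value . "',\n";
    }
    return $out . ");\n";
}

// Hardened: var_export() emits a valid PHP literal for any string value,
// escaping both ' and \ (the only escapes a single-quoted literal honours),
// so the value can never leave the literal. addslashes() is NOT equivalent:
// it also escapes " and NUL, which a single-quoted literal keeps verbatim,
// silently altering the stored value.
function safeArrayToPhp(array $data): string
{
    return "<?php\n\$sql = " . var_export($data, true) . ";\n";
}

// Defensive check for a generator like this: write the generated file,
// include it, and confirm the data round-trips. A value that changed the
// code structure either fails to parse or fails the comparison.
function roundTrips(string $php, array $expected): bool
{
    $tmp = tempnam(sys_get_temp_dir(), 'cfg');
    file_put_contents($tmp, $php);
    $sql = null;
    try {
        include $tmp;           // ParseError is thrown if the literal broke
    } catch (\Throwable $e) {
        return false;
    } finally {
        unlink($tmp);
    }
    return $sql === $expected;
}

// Constructed sample: a user name that happens to contain a single quote.
$sample = ['privileged_user' => "o'connor", 'host' => 'localhost'];

var_dump(roundTrips(unsafeArrayToPhp($sample), $sample)); // naive literal
var_dump(roundTrips(safeArrayToPhp($sample), $sample));   // var_export literal
```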

Analysis (AI)

Remote code execution in Froxlor server administration software versions prior to 2.3.6 allows authenticated administrators with change_serversettings permission to inject arbitrary PHP code through an unescaped MySQL server configuration parameter. The vulnerability enables persistent code execution on every subsequent HTTP request as the web server user due to improper input sanitization in PhpHelper::parseArrayToString(). …


Remediation (AI)

Within 24 hours: Identify all Froxlor installations and document current versions using administrative inventory tools. Within 7 days: Upgrade all Froxlor instances to version 2.3.6 or later; test in non-production environment first. …


CVE-2026-41229 vulnerability details – vuln.today
