What is the CVSS score of CVE-2026-42472?

CVE-2026-42472 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of MixPHP Framework are affected by CVE-2026-42472?

MixPHP Framework versions 2.0 through 2.2.17 contain a critical remote code execution vulnerability in Redis session handling that allows unauthenticated attackers to execute arbitrary PHP code on…

MixPHP Framework CVE-2026-42472

EUVD-2026-26673 CRITICAL

Deserialization of Untrusted Data (CWE-502)

2026-05-01 mitre

Deserialization Redis

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 01, 2026 - 19:22 vuln.today

CVSS changed

May 01, 2026 - 19:22 NVD

9.8 (None) 9.8 (CRITICAL)

EUVD ID Assigned

May 01, 2026 - 16:00 euvd

EUVD-2026-26673

Analysis Generated

May 01, 2026 - 16:00 vuln.today

CVE Published

May 01, 2026 - 00:00 nvd

CRITICAL 9.8

DescriptionNVD

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

AnalysisAI

Remote unauthenticated code execution in MixPHP Framework 2.x through 2.2.17 allows attackers to execute arbitrary PHP code by injecting malicious serialized objects into Redis-backed session or cache storage. The framework's RedisHandler directly deserializes untrusted data from Redis using PHP's unserialize() function without validation. …

RemediationAI

Within 24 hours: Identify all systems running MixPHP Framework 2.x and document current versions; implement network-level restrictions to Redis ports and verify only trusted clients can connect. Within 7 days: Evaluate upgrading to MixPHP Framework 2.2.18 or later if available, or apply the RedisHandler deserialization fix from vendor; contact MixPHP maintainers for patch timeline confirmation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42472 vulnerability details – vuln.today

Back

MixPHP Framework CVE-2026-42472

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code