What is the CVSS score of CVE-2026-42473?

CVE-2026-42473 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of MixPHP Framework are affected by CVE-2026-42473?

MixPHP Framework versions 2.0 through 2.2.17 contain a critical remote code execution vulnerability in session and cache handling that allows unauthenticated attackers to execute arbitrary code on…

MixPHP Framework CVE-2026-42473

EUVD-2026-26674 CRITICAL

Deserialization of Untrusted Data (CWE-502)

2026-05-01 mitre

Deserialization

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 01, 2026 - 19:22 vuln.today

CVSS changed

May 01, 2026 - 19:22 NVD

9.8 (None) 9.8 (CRITICAL)

EUVD ID Assigned

May 01, 2026 - 16:00 euvd

EUVD-2026-26674

Analysis Generated

May 01, 2026 - 16:00 vuln.today

CVE Published

May 01, 2026 - 00:00 nvd

CRITICAL 9.8

DescriptionNVD

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

AnalysisAI

Remote code execution in MixPHP Framework 2.x through 2.2.17 allows unauthenticated network attackers to execute arbitrary code via unsafe deserialization. The FileHandler class processes session and cache data using PHP's unserialize() on filesystem-sourced content without validation, enabling object injection attacks. …

RemediationAI

Within 24 hours: Identify all systems running MixPHP Framework 2.x and document versions via dependency scanning and deployment inventories; isolate affected production systems from untrusted networks if upgrade is not immediately feasible. Within 7 days: Upgrade all instances to MixPHP Framework 2.2.18 or later (vendor confirmation of fixed version required); perform full application testing in staging environment before production deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42473 vulnerability details – vuln.today

Back

MixPHP Framework CVE-2026-42473

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code