Frankenphp

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-24895 CRITICAL POC PATCH Act Now

CGI path splitting vulnerability in FrankenPHP before 1.11.2 — Unicode characters bypass path validation during CGI processing. PoC and patch available.

PHP Golang Frankenphp Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24894 HIGH POC PATCH This Week

FrankenPHP versions prior to 1.11.2 fail to properly isolate session data between worker requests, enabling cross-user session fixation where an attacker can read sensitive $_SESSION information intended for other users. This high-severity flaw affects multi-request worker mode deployments and has public exploit code available. A patched version 1.11.2 is available and should be deployed immediately.

Privilege Escalation Frankenphp Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24895
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

CGI path splitting vulnerability in FrankenPHP before 1.11.2 — Unicode characters bypass path validation during CGI processing. PoC and patch available.

PHP Golang Frankenphp +1
NVD GitHub
CVE-2026-24894
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FrankenPHP versions prior to 1.11.2 fail to properly isolate session data between worker requests, enabling cross-user session fixation where an attacker can read sensitive $_SESSION information intended for other users. This high-severity flaw affects multi-request worker mode deployments and has public exploit code available. A patched version 1.11.2 is available and should be deployed immediately.

Privilege Escalation Frankenphp Suse
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy