Snuffleupagus

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-22034 CRITICAL POC PATCH Act Now

Snuffleupagus PHP security module before 0.13.0 can be bypassed when upload validation uses VLD-based scripts without the VLD extension installed. This disables the upload security check entirely, allowing malicious PHP file uploads. PoC available, patch available.

PHP Snuffleupagus

NVD GitHub

CVSS 3.1

9.8

EPSS

0.1%

CVE-2026-22034

EPSS 0% CVSS 9.8

CRITICAL POC PATCH Act Now

Snuffleupagus PHP security module before 0.13.0 can be bypassed when upload validation uses VLD-based scripts without the VLD extension installed. This disables the upload security check entirely, allowing malicious PHP file uploads. PoC available, patch available.

PHP Snuffleupagus

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy