CNNVD-202602-2086 Information
CNNVD ID
CNNVD-202602-2086
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
FrankenPHP是phpnet开源的一个PHP应用服务器。 FrankenPHP 1.11.2之前版本存在代码问题漏洞,该漏洞源于在worker模式下运行时,$_SESSION超全局变量未在请求间正确重置,可能导致后续请求访问先前请求的会话数据。
Description (English)
FrankenPHP is a PHP application server at the phpnet open source. FrankenPHP 1.11.2 has a code problem loophole, which stems from the fact that while running under the worker model, the $ SESSION super-global variable is not correctly reset between requests, which may lead to follow-up requests to access previously requested session data.
Vulnerability Type
代码问题
Affected Vendor
phpnet
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/php/frankenphp/releases/tag/v1.11.2 https://github.com/php/frankenphp/commit/24d6c991a7761b638190eb081deae258143e9735 https://github.com/php/frankenphp/security/advisories/GHSA-r3xh-3r3w-47gp https://access.redhat.com/security/cve/cve-2026-24894
Patch
https://github.com/php/frankenphp/releases
Share on: