CVE 9.3 CRITICAL

Pachno 1.0.6 FileCache Deserialization Remote Code Execution_CVE-2026-40044

April 13, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which are unserialized during framework bootstrap before authentication checks occur.

AI Analysis

Deserialization vulnerability allowing remote code execution in Pachno 1.0.6

Basic Information

ID CVE-2026-40044

Source VulnCheck

Published Apr 13, 2026 at 18:11

Modified Apr 13, 2026 at 18:57

Affected Product

Vendor pancho

Product Pachno

Version 1.0.6

Affected Versions pancho Pachno 1.0.6

CWE Classification

CWE-502

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor pancho

Product Pachno

Version 1.0.6

References

{
    "lastseen": "",
    "description": "Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which are unserialized during framework bootstrap before authentication checks occur.",
    "published": "2026-04-13T18:11:01.343Z",
    "modified": "2026-04-13T18:57:58.765Z",
    "type": "cve",
    "title": "Pachno 1.0.6 FileCache Deserialization Remote Code Execution",
    "source": "VulnCheck",
    "references": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5986.php\nhttps://www.vulncheck.com/advisories/pachno-filecache-deserialization-remote-code-execution",
    "id": "CVE-2026-40044",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "pancho Pachno 1.0.6",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pachno",
    "version": "1.0.6",
    "vendor": "pancho",
    "ai_description": "Deserialization vulnerability allowing remote code execution in Pachno 1.0.6",
    "ai_severity": "Critical",
    "ai_vendor": "pancho",
    "ai_product": "Pachno",
    "ai_version": "1.0.6",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply