CVE 9.8 CRITICAL

CVE-2026-42472_CVE-2026-42472

May 1, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

AI Analysis

Unsafe deserialization vulnerability in MixPHP Framework

Basic Information

ID CVE-2026-42472

Source mitre

Published May 1, 2026 at 00:00

Modified May 1, 2026 at 18:23

Affected Product

Vendor MixPHP

Product MixPHP Framework

Version 2.x thru 2.2.17

Affected Versions n/a n/a n/a

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor MixPHP

Product MixPHP Framework

Version 2.x, 2.2.17

References

{
    "lastseen": "",
    "description": "Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.",
    "published": "2026-05-01T00:00:00.000Z",
    "modified": "2026-05-01T18:23:07.926Z",
    "type": "cve",
    "title": "CVE-2026-42472",
    "source": "mitre",
    "references": "https://github.com/mix-php/mix\nhttps://github.com/mix-php/mix/blob/v2.2.17/src/sync-invoke/src/Server.php\nhttps://gist.github.com/sgInnora/fa46386840fe978a30d7e53c458f2975",
    "id": "CVE-2026-42472",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MixPHP Framework",
    "version": "2.x thru 2.2.17",
    "vendor": "MixPHP",
    "ai_description": "Unsafe deserialization vulnerability in MixPHP Framework",
    "ai_severity": "Critical",
    "ai_vendor": "MixPHP",
    "ai_product": "MixPHP Framework",
    "ai_version": "2.x, 2.2.17",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply