CVE 9.8 CRITICAL

CVE-2026-42473_CVE-2026-42473

May 1, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

AI Analysis

Unsafe deserialization vulnerability in MixPHP Framework

Basic Information

ID CVE-2026-42473

Source mitre

Published May 1, 2026 at 00:00

Modified May 1, 2026 at 18:22

Affected Product

Vendor MixPHP

Product MixPHP Framework

Version 2.x thru 2.2.17

Affected Versions n/a n/a n/a

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor MixPHP

Product MixPHP Framework

Version 2.x, 2.2.17

References

{
    "lastseen": "",
    "description": "Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.",
    "published": "2026-05-01T00:00:00.000Z",
    "modified": "2026-05-01T18:22:27.023Z",
    "type": "cve",
    "title": "CVE-2026-42473",
    "source": "mitre",
    "references": "https://github.com/mix-php/mix\nhttps://github.com/mix-php/mix/blob/v2.2.17/src/sync-invoke/src/Server.php\nhttps://gist.github.com/sgInnora/fa46386840fe978a30d7e53c458f2975",
    "id": "CVE-2026-42473",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MixPHP Framework",
    "version": "2.x thru 2.2.17",
    "vendor": "MixPHP",
    "ai_description": "Unsafe deserialization vulnerability in MixPHP Framework",
    "ai_severity": "Critical",
    "ai_vendor": "MixPHP",
    "ai_product": "MixPHP Framework",
    "ai_version": "2.x, 2.2.17",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply