CVE-2026-42472 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: May 1, 2026
MixPHP Framework - Insecure Deserialization
Overview
MixPHP Framework 2.x through 2.2.17 contains an insecure deserialization vulnerability caused by the use of unserialize() on data read from Redis in RedisHandler. This lets attackers execute arbitrary code remotely. Exploitation requires the attacker to control the data stored in Redis.
Severity & Score
Impact
Attackers can execute arbitrary code remotely by exploiting unsafe deserialization in RedisHandler.
Mitigation
Update to the latest version beyond 2.2.17, or apply patches that avoid unsafe unserialize() usage.
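One way to avoid unsafe unserialize() on values read back from Redis, shown as an added example (not MixPHP's code or its patch): store JSON with an HMAC tag, and restrict unserialize() with allowed_classes for legacy entries. The function names, the key and the array standing in for Redis are hypothetical; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample key; in practice load it from configuration, not from Redis.
const CACHE_HMAC_KEY = 'constructed-demo-key';

// Hypothetical helper: encode a value as "<hex hmac>:<json>".
function encodeValue(mixed $value, string $key): string
{
    // JSON carries only scalars and arrays, so reading it never instantiates objects.
    $json = json_encode($value, JSON_THROW_ON_ERROR);
    return hash_hmac('sha256', $json, $key) . ':' . $json;
}

// Hypothetical helper: verify the tag before parsing anything.
function decodeValue(string $blob, string $key): mixed
{
    $parts = explode(':', $blob, 2);
    if (count($parts) !== 2) {
        throw new UnexpectedValueException('malformed cache entry');
    }
    [$mac, $json] = $parts;
    // Constant-time comparison; entries not written by this application are rejected.
    if (!hash_equals(hash_hmac('sha256', $json, $key), $mac)) {
        throw new UnexpectedValueException('cache entry failed integrity check');
    }
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// Interim handling for entries already stored in PHP serialize() format:
// allowed_classes => false yields __PHP_Incomplete_Class instead of real objects,
// so no class constructor, __wakeup() or __destruct() of application classes runs.
function legacyDecode(string $blob): mixed
{
    return unserialize($blob, ['allowed_classes' => false]);
}

$store = []; // plain array standing in for Redis in this example
$store['session:abc'] = encodeValue(['uid' => 42, 'role' => 'user'], CACHE_HMAC_KEY);
var_dump(decodeValue($store['session:abc'], CACHE_HMAC_KEY));

// Simulate a value modified inside the store: the tag no longer matches.
$store['session:abc'] = str_replace('"user"', '"admin"', $store['session:abc']);
try {
    decodeValue($store['session:abc'], CACHE_HMAC_KEY);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Constructed legacy entry holding a serialized object.
var_dump(legacyDecode('O:8:"stdClass":0:{}') instanceof __PHP_Incomplete_Class);
```

The HMAC check only helps if the key is kept outside the Redis instance whose contents are untrusted.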
References
Social Media Activity(3 posts)
New security advisory: CVE-2026-42472 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-42472-mixphp-unauth-rce-via-deserialization #InfoSec #PatchNow #InfoSecCommunity

CVE-2026-42472 - Critical (9.8) Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object. https://www.thehackerwire.com/vulnerability/CVE-2026-42472/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-42472
- Severity: Critical
- CVSS Score: 9.8
- Type: insecure_deserialization
- Status: new
- EPSS: 3.9%
- Social Posts: 3
CWE
- CWE-502
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H