HIGH8.1CVE-2026-45062FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
>= 1.11.2, < 1.12.3
—CVE-2026-24895FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP in github.com/dunglas/frankenphp
from 0, < 1.11.2
—CVE-2026-24895FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP in github.com/dunglas/frankenphp
from 0, < 1.11.2
—FrankenPHP leaks session data between requests in worker mode in github.com/dunglas/frankenphp
from 0, < 1.11.2
—FrankenPHP leaks session data between requests in worker mode in github.com/dunglas/frankenphp