Critical severity9.8NVD Advisory· Published May 1, 2026· Updated May 5, 2026

CVE-2026-42473

Description

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

Affected products

Mix Php/Mixreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/sgInnora/fa46386840fe978a30d7e53c458f2975nvd
github.com/mix-php/mix/blob/v2.2.17/src/sync-invoke/src/Server.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000