VYPR

Go modules package

github.com/dunglas/frankenphp

pkg:golang/github.com/dunglas/frankenphp

Vulnerabilities (2)

  • CVE-2026-24895Feb 12, 2026
    affected < 1.11.2fixed 1.11.2

    FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index (for finding .php) on a lowercased copy of the request path but applies that

  • CVE-2026-24894Feb 12, 2026
    affected < 1.11.2fixed 1.11.2

    FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previou