Go modules package
github.com/dunglas/frankenphp
pkg:golang/github.com/dunglas/frankenphp
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24895 | — | < 1.11.2 | 1.11.2 | Feb 12, 2026 | FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index (for finding .php) on a lowercased copy of the request path but applies that | ||
| CVE-2026-24894 | — | < 1.11.2 | 1.11.2 | Feb 12, 2026 | FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previou |
- CVE-2026-24895Feb 12, 2026affected < 1.11.2fixed 1.11.2
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index (for finding .php) on a lowercased copy of the request path but applies that
- CVE-2026-24894Feb 12, 2026affected < 1.11.2fixed 1.11.2
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previou