CyberRota
← Ana sayfaya dön

CVE-2026-45062

HIGH · CVSS 8.1 EPSS %0.57 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-10T18:16:57.077 · Çekilme zamanı: 2026-06-30T12:16:31.276633+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
remote code execution code execution
GitHub PoC Linkleri
github.com github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-45062
Severity
HIGH
CVSS
8.1
EPSS
%0.57

Orijinal NVD Açıklaması

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead FrankenPHP into treating a non-.php file as a .php script. In any deployment where the attacker can place content into a file served by FrankenPHP (uploads, file storage, etc.), this can be escalated to remote code execution by crafting a URL whose path triggers either flaw. This issue has been patched in version 1.12.3.