CyberRota
← Ana sayfaya dön

CVE-2026-52778

CRITICAL · CVSS 9.8 EPSS %0.56 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-08T19:16:46.683 · Çekilme zamanı: 2026-06-30T12:13:10.296493+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
code execution
GitHub PoC Linkleri
github.com github.com github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-52778
Severity
CRITICAL
CVSS
9.8
EPSS
%0.56

Orijinal NVD Açıklaması

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passing them to the PHP eval() function. This implementation is inherently flawed: it is vulnerable to Regular Expression Denial of Service (ReDoS / Stack Overflow) which can crash the server, and it creates a high-risk architecture where any logic bypass directly results in arbitrary PHP code execution. Version 4.6.6 patches the issue.