CVE-2026-49260 PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

CVE-2026-49260

CVE-2026-49260 affects PhpWeasyPrint prior to 2.5.1. The vulnerability arises from building the WeasyPrint command by passing the binary path through escapeshellarg() and then validating the quoted result with is_executable(); on POSIX systems this makes the bin path string contain quotes, causin...

CVE-2026-49260 PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

EUVD-2026-38048

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX...

Use After Free

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free in the doxinclude. An attacker can cause invalid memory reads or writes by exposing nodes or namespaces to Ruby before invoking XInclude processing. Note: This is...

XML External Entity (XXE) Injection

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to XML External Entity XXE Injection in the Nokogiri::XML::Schema when the NONET parse option is not correctly enforced on JRuby. An attacker can access external network resources b...

Cross-site Scripting (XSS)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via hashlink rewriting in SSViewer::process. An attacker can inject arbitrary HTML or script content by supplying a specially...

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' via XML entity expansion. An attacker can cause denial of service by...

HTTP Request Smuggling

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to HTTP Request Smuggling via interaction between SQLQuery and the default FulltextSearch functionality. An attacker can supply specially crafted search...

Open Redirect

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Open Redirect via improper validation of the BackURL parameter in the login flow. An attacker can redirect users to an attacker-controlled website afte...

Cross-site Scripting (XSS)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the FormAction field. An attacker can execute arbitrary script in the browser of other users by supplying a malicious titl...

Cross-site Scripting (XSS)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient output encoding in TreeDropdownField and TreeMultiSelectField. An attacker can execute arbitrary script in th...

Cross-site Request Forgery (CSRF)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via insufficient CSRF protection in GridField. An attacker can cause authenticated CMS users to perform unintended...

Incorrect Authorization

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Incorrect Authorization via validation of secure token parameters. An attacker can bypass authentication checks protecting privileged query parameters...

User Impersonation

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to User Impersonation via insufficient validation of proxy-related HTTP headers. An attacker can spoof client IP addresses, hostnames, or protocols by...

Missing Authorization

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Missing Authorization via the buildDefaults action in DevelopmentAdmin. An attacker can perform unauthorized database modifications and obtain...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the SetCookie::validate function due to the improper normalization of Domain attribute for shared CookieJar instances. An attacker can access resources or data from a different origin by setting a shared cooki...

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the fallback on insecure plaintext http:// option proxy in cURL handlers. An attacker can gain unauthorized access to sensitive data such as proxy negotiation and proxy credentials by...

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection during request serialization of scalar XML element values. An attacker can smuggle raw XML markup into generated output by supplying a string that contains CDATA terminator . This lets attacker-controlled content break out...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection in the start-line serialization of the Message class toString, parseRequest, and parseResponse. An attacker can inject header lines and split or smuggle HTTP messages by placing CR or LF characters into the request method...