11 matches found
CVE-2026-42552 Flight: Sensitive information disclosure via default error handler in flightphp/core
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...
CVE-2026-42552
Flight PHP core prior to version 3.18.1 exposes verbose error information via the Engine::_error() handler, including the exception message, code, and full stack trace with absolute filesystem paths, in HTTP 500 responses. This leads to leakage of internal paths, secrets embedded in messages, and...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure in the Engine::error function. An attacker can obtain sensitive information, such as absolute filesystem paths, secrets embedded in exception messages, and internal module structure, by triggering an uncaught...
Interpretation Conflict
Overview: Affected versions of this package are vulnerable to Interpretation Conflict via the getMethod function. An attacker can perform unauthorized actions by sending crafted HTTP requests that override the intended HTTP method, potentially bypassing middleware restrictions and escalating...
CVE-2026-42551
creationtimestamp | type | source
---|---|---
2026-04-29 13:03:34+00:00 | published-proof-of-concept | https://github.com/flightphp/core/security/advisories/GHSA-vxrr-w42w-w76g...
CVE-2026-42550
creationtimestamp | type | source
---|---|---
2026-04-29 13:03:28+00:00 | published-proof-of-concept | https://github.com/flightphp/core/security/advisories/GHSA-xwqr-rcqg-22mr...
CVE-2026-42549
creationtimestamp | type | source
---|---|---
2026-04-29 13:03:23+00:00 | published-proof-of-concept | https://github.com/flightphp/core/security/advisories/GHSA-3xjv-pmf2-gf2q...
CVE-2026-42552
creationtimestamp | type | source
---|---|---
2026-04-29 13:02:57+00:00 | published-proof-of-concept | https://github.com/flightphp/core/security/advisories/GHSA-qrch-52m5-vv85...
Bienlein Cross-Site Request Forgery Vulnerability
Bienlein is a core application using FlightPHP and RedBeanHP. A security vulnerability exists in Bienlein that stems from manipulation of unknown processing, which leads to cross-site request forgery. No details of the vulnerability are currently available...
Bienlein Cross-Site Request Forgery Vulnerability
Bienlein is a core application using FlightPHP and RedBeanHP. A security vulnerability exists in Bienlein that stems from manipulation of unknown processing, which leads to cross-site request forgery. No details of the vulnerability are currently available...
Bienlein Cross-Site Request Forgery Vulnerability
Bienlein is a core application using FlightPHP and RedBeanHP by individual developer Stephan Hombergs. A security vulnerability exists in Bienlein, which stems from unknown handling and manipulation leading to cross-site request forgery...