CVE-2026-24894
FrankenPHP in worker mode prior to 1.11.2 does not reset the PHP $_SESSION between requests, allowing a subsequent request on the same worker to read the previous request’s session data before session_start() is called. This could expose potentially sensitive session information across users. The...