Security Advisory

CVE-2026-24894

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-12 19:12:04

Last updated 2026-02-12 20:04:57

Assigner GitHub_M

State PUBLISHED

Description

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request (potentially belonging to a different user) before session_start() is called. This vulnerability is fixed in 1.11.2.

← Browse all CVEs View on cve.org ↗