github.com/dunglas/frankenphp
Go | 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/dunglas/frankenphp (page 1 of 1)
- CVE-2026-24894 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.11.2 | 2026-02-12
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to…
- CVE-2026-24895 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.11.2 | 2026-02-12
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index (for finding .php) on a lowercased…