Unknown · Yii Framework · CVE-2026-39850
**Name of the Vulnerable Software and Affected Versions**
Yii Framework versions prior to 2.0.55
**Description**
Internal variables in the `View::renderPhpFile()` and `ErrorHandler::renderFile()` functions are not isolated, which can lead to parameter collisions that allow the overriding of included file paths.
**Recommendations**
Update to version 2.0.55.