CVE-2026-22521

Name of the Vulnerable Software and Affected Versions Handmade Framework versions through 3.9

Description The software contains a flaw related to improper control of filenames used in include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files, potentially exposing sensitive information or enabling unauthorized code execution.

Recommendations Versions prior to 4.0 should be updated.