PT-2026-39402 · Unknown · Yii Framework
Published
2026-05-09
·
Updated
2026-05-09
·
CVE-2026-39850
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Yii Framework versions prior to 2.0.55
Description
Internal variables in the
View::renderPhpFile() and ErrorHandler::renderFile() functions are not isolated, which can lead to parameter collisions that allow the overriding of included file paths.Recommendations
Update to version 2.0.55.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Yii Framework