PT-2026-6286 · Pear · Pear
Megamansec
·
Published
2026-02-03
·
Updated
2026-02-04
·
CVE-2026-25237
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PEAR versions prior to 1.33.0
Description
PEAR, a framework for reusable PHP components, contains a flaw related to the use of the
preg replace() function with the /e modifier. This can lead to PHP code execution if attacker-controlled content is used in the replacement process during bug update email handling.Recommendations
Update to version 1.33.0 or later.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pear