Byte Open Security (ByteOS Network)

CVE Vulnerability Details: CVE-2026-49286
Status: PUBLISHED
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 19 Jun, 2026 | 17:03
Updated At: 22 Jun, 2026 | 14:23
Rejected At: -
CVE Numbering Authority (CNA)
PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so `PHAR://`, `Phar://`, etc. bypass the check and reach `fileExists()` (`file_exists()`) in `prepareOutput()`. On PHP 7 (which the library still supports — PHP 7.4+), this triggers deserialization of a crafted PHAR archive's metadata, leading to remote code execution. This is the patch-bypass of CVE-2023-28115. The same issue and fix were handled upstream in KnpLabs/snappy (GHSA-92rv-4j2h-8mjj). PhpWeasyPrint version 2.6.0 contains a patch for the issue.
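The mechanism the advisory describes, shown as an added PHP illustration that is not code from the advisory or from PhpWeasyPrint: a deny-list check that only matches the lowercase `phar://` prefix, beside a hardened check that compares the scheme case-insensitively and refuses any stream-wrapper scheme at all for an output path. The function names and the sample inputs are assumptions constructed for this example; the real remedy per the advisory is upgrading to version 2.6.0.

```php
<?php
// Added illustration, not PhpWeasyPrint's own code. Function names are assumptions.
declare(strict_types=1);

/**
 * Vulnerable pattern: rejects only the exact lowercase "phar://" prefix.
 * PHP resolves stream-wrapper schemes case-insensitively, so a mixed-case
 * prefix passes this check and still reaches file_exists().
 */
function isOutputPathRejectedVulnerable(string $filename): bool
{
    return strpos($filename, 'phar://') === 0;
}

/**
 * Hardened pattern: instead of listing bad wrappers, refuse any "scheme://"
 * prefix, matched case-insensitively (the /i flag), so only a plain local
 * path is accepted as an output filename. A Windows drive prefix such as
 * "C:\out.pdf" is not followed by "//" and is therefore still accepted.
 */
function isOutputPathRejectedHardened(string $filename): bool
{
    return preg_match('#^[a-z][a-z0-9+.\-]*://#i', $filename) === 1;
}

// Constructed inputs: the value is whether a safe check must reject the path.
$cases = [
    'phar://archive.phar/x' => true,
    'PHAR://archive.phar/x' => true,
    'Phar://archive.phar/x' => true,
    'file:///tmp/out.pdf'   => true,
    '/tmp/out.pdf'          => false,
];

foreach ($cases as $input => $mustReject) {
    $vulnerable = isOutputPathRejectedVulnerable($input);
    $hardened   = isOutputPathRejectedHardened($input);
    printf(
        "%-24s vulnerable-check rejects=%-5s hardened-check rejects=%-5s should reject=%s\n",
        $input,
        var_export($vulnerable, true),
        var_export($hardened, true),
        var_export($mustReject, true)
    );
}
```

Running this locally shows the vulnerable check rejecting only the first input while the hardened check rejects every scheme-prefixed input; the point for defenders is that a deny-list keyed on exact spelling cannot keep up with a case-insensitive resolver, so the safe shape is an allow-list of plain paths.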

Affected Products
Vendor: pontedilana
Product: php-weasyprint
Versions affected:
  • < 2.6.0
Problem Types
Type: CWE
CWE ID: CWE-502
Description: Deserialization of Untrusted Data
Metrics
Version: CVSS 3.1
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References
  • https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-2fmj-p74r-3wjm (x_refsource_CONFIRM)
  • https://github.com/KnpLabs/snappy/security/advisories/GHSA-92rv-4j2h-8mjj (x_refsource_MISC)
  • https://github.com/pontedilana/php-weasyprint/commit/d1aa487722b5a3cab9b222b85fdb5608a5a550c3 (x_refsource_MISC)
  • https://github.com/pontedilana/php-weasyprint/releases/tag/2.6.0 (x_refsource_MISC)
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
References
  • https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-2fmj-p74r-3wjm (exploit)