Vulnerability in Pear Pearweb
CVE-2026-25233
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version…
EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.
Affected products
- Pear Pearweb — versions < 1.33.0
Weakness classification (CWE)
References
- https://github.com/pear/pearweb/security/advisories/GHSA-p92v-9j73-fxx3 (x_refsource_CONFIRM)