Vulnerability in Pear Pearweb
CVE-2026-25235
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without aut…
EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.
Affected products
- Pear Pearweb — versions < 1.33.0
Weakness classification (CWE)
References
- https://github.com/pear/pearweb/security/advisories/GHSA-477r-4cmw-3cgf (x_refsource_CONFIRM)