Vulnerability in Pear Pearweb
CVE-2026-25237
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches…
EPSS: 0.001 (30.9th percentile) — read the EPSS interpretation.
Affected products
- Pear Pearweb — versions < 1.33.0
Weakness classification (CWE)
References
- https://github.com/pear/pearweb/security/advisories/GHSA-vhw6-hqh9-8r23 (x_refsource_CONFIRM)