Vulnerability in Phalcon Cphalcon

CVE-2026-57584

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier (/.), and the same co…

Vulnerability class: ReDoS (Regular Expression Denial of Service)

Affected products

Weakness classification (CWE)

References