CVE-2026-52778
9.8 CRITICAL
YesWiki is a wiki system written in PHP
Published: 2026-06-08 · Last updated: 2026-06-09
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-1333, CWE-94
Description
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passing them to the PHP eval() function. This implementation is inherently flawed: it is vulnerable to Regular Expression Denial of Service (ReDoS / Stack Overflow) which can crash the server, and it creates a high-risk architecture where any logic bypass directly results in arbitrary PHP code execution. Version 4.6.6 patches the issue.
Source: NVD
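The description above names the root design problem: user-supplied formulas are "cleaned" with a recursive regular expression and then handed to eval(), so the regex is both a denial-of-service surface and the only barrier to code execution. The defensive alternative is to never evaluate the string as code at all, but to parse it with a small grammar that only knows numbers, arithmetic operators and parentheses, and to put hard bounds on input size and nesting depth. The following Python block is an added illustration of that pattern; it is not YesWiki's code (YesWiki is PHP), and the grammar, the limits MAX_FORMULA_LENGTH and MAX_NESTING_DEPTH, and the function names are assumptions chosen for this example.

```python
"""Safe arithmetic formula evaluator: linear-time tokenizer + recursive-descent parser.

Added example illustrating the alternative to "regex-sanitize, then eval()".
Not YesWiki's code; grammar, limits and names are assumptions for this example.
"""
import re

MAX_FORMULA_LENGTH = 512   # assumed bound: reject oversize input before any parsing
MAX_NESTING_DEPTH = 32     # assumed bound: caps parser recursion, so deep nesting cannot
                           # exhaust the stack the way a recursive regex can

_NUMBER_RE = re.compile(r"\d+(?:\.\d+)?")   # fixed-shape match, no backtracking blow-up
_OPERATORS = set("+-*/()")


class FormulaError(ValueError):
    """Raised for any malformed, oversized or too-deeply-nested formula."""


def tokenize(text):
    """Split a formula into ('num', float) and ('op', str) tokens in one linear pass.

    Anything outside the whitelist (letters, '$', ';', quotes ...) is rejected
    outright rather than being 'cleaned' and forwarded to an interpreter.
    """
    if len(text) > MAX_FORMULA_LENGTH:
        raise FormulaError("formula too long")
    tokens = []
    pos = 0
    while pos < len(text):
        ch = text[pos]
        if ch.isspace():
            pos += 1
            continue
        if ch in _OPERATORS:
            tokens.append(("op", ch))
            pos += 1
            continue
        m = _NUMBER_RE.match(text, pos)
        if m:
            tokens.append(("num", float(m.group())))
            pos = m.end()
            continue
        raise FormulaError(f"unexpected character {ch!r} at offset {pos}")
    return tokens


class Parser:
    """Recursive-descent parser for: expr := term (('+'|'-') term)*,
    term := factor (('*'|'/') factor)*, factor := NUMBER | '-' factor | '(' expr ')'."""

    def __init__(self, tokens):
        self.tokens = tokens
        self.i = 0
        self.depth = 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse_expression(self):
        value = self.parse_term()
        while self.peek() in (("op", "+"), ("op", "-")):
            op = self.take()[1]
            rhs = self.parse_term()
            value = value + rhs if op == "+" else value - rhs
        return value

    def parse_term(self):
        value = self.parse_factor()
        while self.peek() in (("op", "*"), ("op", "/")):
            op = self.take()[1]
            rhs = self.parse_factor()
            if op == "/":
                if rhs == 0:
                    raise FormulaError("division by zero")
                value = value / rhs
            else:
                value = value * rhs
        return value

    def parse_factor(self):
        # Every recursive entry counts against the depth budget, covering both
        # nested parentheses and long runs of unary minus.
        self.depth += 1
        if self.depth > MAX_NESTING_DEPTH:
            raise FormulaError("formula nested too deeply")
        try:
            tok = self.take()
            if tok is None:
                raise FormulaError("unexpected end of formula")
            kind, val = tok
            if kind == "num":
                return val
            if val == "-":
                return -self.parse_factor()
            if val == "(":
                value = self.parse_expression()
                if self.take() != ("op", ")"):
                    raise FormulaError("missing closing parenthesis")
                return value
            raise FormulaError(f"unexpected token {val!r}")
        finally:
            self.depth -= 1


def evaluate(text):
    """Evaluate a formula without ever treating it as executable code."""
    parser = Parser(tokenize(text))
    result = parser.parse_expression()
    if parser.peek() is not None:
        raise FormulaError("trailing input after expression")
    return result


def check_formula(text):
    """Return (True, value) or (False, reason); the shape a form validator would use."""
    try:
        return True, evaluate(text)
    except FormulaError as exc:
        return False, str(exc)
```

The two properties that matter for this CVE class are that the tokenizer does one bounded pass with no backtracking, and that the parser refuses input past a fixed depth instead of recursing until the stack is gone. Because the result is computed by the parser itself, there is no interpreter behind it for a bypass to reach; an unexpected character is an error, not something to strip.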
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-52778
- [Other] https://github.com/YesWiki/yeswiki/commit/dd2bd8fb099de0d21504bda8a810693b3fcb8e52
- [Other] https://github.com/YesWiki/yeswiki/releases/tag/v4.6.6
- [Other] https://github.com/YesWiki/yeswiki/security/advisories/GHSA-px5m-h76g-p7p8
Related CVEs
Same CWE
- CVE-2026-46517 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-46432 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-47292 — Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally (7.8 HIGH)
- CVE-2026-45583 — Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code ov... (7.5 HIGH)
- CVE-2026-42567 — Svelte is a performance oriented web framework