A critical security vulnerability has been discovered in the CodeIgniter4 PHP framework, allowing attackers to bypass file upload validation and potentially achieve remote code execution (RCE) on affected web applications. Tracked as CVE-2026-48062 and published via GitHub Security Advisory GHSA-2gr4-ppc7-7mhx, the flaw carries a maximum-severity CVSS v3.1 score, reflecting its network-exploitable, zero-interaction nature. The root cause lies in […]
The post Critical CodeIgniter File Upload Flaw Allows Validation Bypass, Risks Remote Code Execution appeared first on Cyber Security News.