CVE-2026-49358 | pontedilana php-weasyprint up to 2.5.x removeTemporaryFiles temporaryFiles file inclusion (GHSA-87qc-37cw-84h4)

A vulnerability identified as problematic has been detected in pontedilana php-weasyprint up to 2.5.x. The affected element is the function removeTemporaryFiles. This manipulation of the argument temporaryFiles causes file inclusion.

This vulnerability is tracked as CVE-2026-49358. The attack is restricted to local execution. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More