CVE-2026-25524 | OpenMage magento-lts up to 20.16.x phar getimagesize/file_exists/is_readable deserialization (GHSA-fg79-cr9c-7369)

A vulnerability classified as problematic was found in OpenMage magento-lts up to 20.16.x. This affects the function getimagesize/file_exists/is_readable of the component phar Handler. Such manipulation leads to deserialization.

This vulnerability is documented as CVE-2026-25524. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More