CVE-2026-41229 | Froxlor up to 2.3.5 Setting lib/userdata.inc.php parseArrayToString privileged_user code injection (GHSA-gc9w-cc93-rjv8)

A vulnerability was found in Froxlor up to 2.3.5. It has been rated as critical. This vulnerability affects the function PhpHelper::parseArrayToString in the library lib/userdata.inc.php of the component Setting Handler. This manipulation of the argument privileged_user causes code injection.

This vulnerability is registered as CVE-2026-41229. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More