CVE-2026-39850 | yiisoft yii2 up to 2.0.54 PHP File View::renderPhpFile _params_ input validation (GHSA-5vpg-rj7q-qpw2)

May 20, 2026 Yanac

A vulnerability marked as problematic has been reported in yiisoft yii2 up to 2.0.54. This affects the function View::renderPhpFile of the component PHP File Handler. The manipulation of the argument _params_ leads to improper input validation.

This vulnerability is traded as CVE-2026-39850. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More