codeigniter4/framework Security Advisories for v4.6.0 (2)
-
[CRITICAL] CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
PKSA-217t-qqjr-nkt3 CVE-2026-48062 GHSA-2gr4-ppc7-7mhx
Affected version: <4.7.2
Reported by:
GitHub -
[CRITICAL] CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
PKSA-7ybs-j1bv-y5mc CVE-2025-54418 GHSA-9952-gv64-x94c
Affected version: <4.6.2
Reported by:
GitHub