Product

Knp-Snappy (<= 1.7.0)

1 brief RSS

KnpLabs knp-snappy Command Injection Vulnerability (CVE-2026-46643)

KnpLabs knp-snappy versions 1.7.0 and earlier are vulnerable to command injection (CVE-2026-46643) due to an inverted is_executable check, which prevents proper shell escaping of the binary path, potentially leading to command execution if the binary path is attacker-influenced.

knp-snappy command-injection php CVE-2026-46643

2r 1t 1h ago