CRITICAL
codeigniter4
CVE published 2026-07-17
CVE-2026-48062
CVE-2026-48062 is a critical vulnerability in CodeIgniter, a PHP full-stack web framework. The ext_in upload validation rule incorrectly checked the MIME type's extension instead of the client-provided filename extension, potentially allowing an attacker to upload a malicious PHP file as a GIF image. This vulnerability is particularly severe if applications accept user-controlled uploads, rely on ext_in t [truncated]