{"id":"CVE-2026-48820","summary":"CakePHP: View::element() is missing a path containment check","details":"CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11.","aliases":["GHSA-wpvj-hjcr-h3p2"],"modified":"2026-07-08T08:13:38.854069766Z","published":"2026-06-17T21:19:44.238Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48820.json","cwe_ids":["CWE-22","CWE-98"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48820.json"},{"type":"ADVISORY","url":"https://github.com/cakephp/cakephp/security/advisories/GHSA-wpvj-hjcr-h3p2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48820"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cakephp/cakephp","events":[{"introduced":"b8585672346c0654311c77500ce613cdf37687cc"},{"fixed":"da6b2f49b9f0616d2fe8e04d67f6c558f699bb2f"},{"introduced":"2da6ed819f520e472ea12b011a9c7a7f39310a4a"},{"fixed":"4b8915cf32949cac5c798af2ff65f688c4d76d21"},{"introduced":"8eb600bb67a545e2d108f9ae64146f094a39bb55"},{"fixed":"e2cdc8f1c907d204f4bccf76bac1b2b93eea922e"},{"introduced":"c0175d821a5e42b934ad2a11927c5c5d0e659a0d"},{"fixed":"c6bd8670ac3d684fccf1f6735938078ea3ac1a47"}],"database_specific":{"source":"DESCRIPTION","extracted_events":[{"introduced":"4.6.0"},{"fixed":"4.6.3"},{"introduced":"5.0.0"},{"fixed":"5.1.6"},{"introduced":"5.2.0"},{"fixed":"5.2.12"},{"introduced":"5.3.0"},{"fixed":"5.3.5"}]}}],"versions":["5.3.4","5.3.3","5.3.2","5.2.11","5.3.1","5.3.0","5.2.10","5.2.9","5.2.8","4.6.2","5.2.7","5.2.6","5.2.5","4.6.1","5.2.4","5.2.3","5.2.2","5.2.1","5.2.0","4.6.0","5.1.5","5.1.4","5.1.2","5.1.1","5.1.0","5.0.11","5.0.10","5.0.9","5.0.8","5.0.7","5.0.6","5.0.5","5.0.4","5.0.3","5.0.2","5.0.1","5.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48820.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}]}