21CTO
Feb 3, 2026 · Information Security
Critical PHPUnit CVE-2026-24765: How Unsafe Coverage Files Enable RCE in CI/CD Pipelines
A high‑severity CVE‑2026‑24765 in the widely used PHP unit‑testing framework PHPUnit allows attackers to inject malicious coverage files that trigger unsafe deserialization and remote code execution during CI/CD test runs, prompting immediate upgrades to patched releases across all active branches.
PHPRCEcve-2026-24765
0 likes · 4 min read