CVE-2026-6652 | Pagekit CMS up to 1.0.18 StringStorage Template PhpEngine.php evaluate eval injection

A vulnerability marked as critical has been reported in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code.

This vulnerability is registered as CVE-2026-6652. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6652 | Pagekit CMS up to 1.0.18 StringStorage Template PhpEngine.php evaluate eval injection

Post correlati

CVE-2023-6839 | WSO2 API Manager prior 3.0.0.15/3.2.0.32 REST API information exposure

CVE-2025-9278 | Rockwell Automation ArmorStart LT ICMP Connectivity resource consumption

CVE-2025-0932 | Arm Bifrost GPU Userspace Driver use after free (EUVD-2025-23496)

CVE-2024-7392 | ChargePoint Home Flex Bluetooth Low Energy denial of service (ZDI-24-1047)