A vulnerability marked as critical has been reported in shivammathur setup-php up to 2.37.0. The affected element is an unknown function of the file platform-overrides.php of the component Version Resolution. This manipulation causes command injection.
This vulnerability is tracked as CVE-2026-46420. The attack is possible to be carried out remotely. No exploit exists.