CVE-2026-52778
Severity: CRITICAL
YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS)
Title source: cnaDescription
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe code-execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas with a complex recursive regular expression and then passes them to the PHP eval() function. This design is flawed in two ways: the recursive pattern is vulnerable to Regular Expression Denial of Service (ReDoS, including exhaustion of the regex engine's recursion/stack budget on deeply nested input), which can crash the server; and because the regex is the only barrier in front of eval(), any logic bypass of the filter results directly in arbitrary PHP code execution. Version 4.6.6 patches the issue.
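The description above is a textbook case of "filter, then eval()": the whole field's safety rests on a regex, and the regex itself is attacker-driven work. The block below is an added example (Python, written for this page; it is not YesWiki's PHP code and it does not reproduce the change shipped in 4.6.6, which the advisory does not describe). It shows the allowlist-then-eval anti-pattern for contrast, and next to it the shape of a hardened formula field: a small recursive-descent parser that never evaluates user text as code and enforces explicit length and nesting limits, so a nesting bomb fails fast with a clean error instead of exhausting the interpreter's stack. The grammar, the limits, the field-reference syntax and the values in SAMPLE_FIELDS are assumptions made for the example.

```python
"""Hardened stand-in for an eval()-based formula field (added example).

Python illustration of the design change implied by the YesWiki advisory:
replace "regex allowlist, then eval()" with a parser that never evaluates
source text. Nothing here is YesWiki code; SAMPLE_FIELDS, the grammar and
the limits are constructed for the example.
"""
import re

MAX_LENGTH = 512   # reject oversized formulas before tokenising
MAX_DEPTH = 64     # bound on parser recursion (about 64 paren/minus levels)

# Constructed sample: values of other form fields a formula may reference.
SAMPLE_FIELDS = {"price": 19.99, "qty": 3, "tax_rate": 0.2}

# A token is a number, an identifier, or one non-space character.
_TOKEN_RE = re.compile(r"\d+(?:\.\d+)?|[A-Za-z_]\w*|\S")
_OPERATORS = set("+-*/^()")


def allowlist_then_eval(formula: str) -> float:
    """The anti-pattern under discussion: a character allowlist before eval().

    The filter is the only barrier; anything it lets through runs as code,
    and the filter's own cost on adversarial input is the DoS surface.
    Kept deliberately unsafe, for contrast only.
    """
    if not re.fullmatch(r"[0-9.+\-*/() ]+", formula):
        raise ValueError("rejected by allowlist")
    return float(eval(formula))  # noqa: S307 - intentionally the bad pattern


class _Parser:
    """Recursive-descent parser: expr/term/power/unary/atom, no eval()."""

    def __init__(self, tokens, fields):
        self.tokens, self.pos, self.fields, self.depth = tokens, 0, fields, 0

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _take(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def _enter(self):
        # Explicit depth budget: fails cleanly long before RecursionError.
        self.depth += 1
        if self.depth > MAX_DEPTH:
            raise ValueError("formula nested too deeply")

    def expr(self):  # expr := term (('+'|'-') term)*
        self._enter()
        value = self.term()
        while self._peek() in ("+", "-"):
            op = self._take()
            rhs = self.term()
            value = value + rhs if op == "+" else value - rhs
        self.depth -= 1
        return value

    def term(self):  # term := power (('*'|'/') power)*
        value = self.power()
        while self._peek() in ("*", "/"):
            op = self._take()
            rhs = self.power()
            if op == "*":
                value = value * rhs
            elif rhs == 0:
                raise ValueError("division by zero")
            else:
                value = value / rhs
        return value

    def power(self):  # power := unary ('^' power)?  (right-associative)
        base = self.unary()
        if self._peek() != "^":
            return base
        self._take()
        try:
            result = base ** self.power()
        except (OverflowError, ZeroDivisionError):
            raise ValueError("exponent out of range") from None
        if isinstance(result, complex):  # e.g. (-8) ^ 0.5
            raise ValueError("exponent out of range")
        return result

    def unary(self):  # unary := '-' unary | atom
        if self._peek() == "-":
            self._enter()
            self._take()
            value = -self.unary()
            self.depth -= 1
            return value
        return self.atom()

    def atom(self):  # atom := NUMBER | IDENT | '(' expr ')'
        tok = self._take()
        if tok is None:
            raise ValueError("unexpected end of formula")
        if tok == "(":
            value = self.expr()
            if self._take() != ")":
                raise ValueError("missing closing parenthesis")
            return value
        if tok[0].isdigit():
            return float(tok)
        if tok[0].isalpha() or tok[0] == "_":
            if tok not in self.fields:  # identifiers resolve only via the dict
                raise ValueError(f"unknown field {tok!r}")
            return float(self.fields[tok])
        raise ValueError(f"unexpected token {tok!r}")


def evaluate(formula: str, fields=None) -> float:
    """Evaluate an arithmetic formula without eval(); ValueError on bad input."""
    if len(formula) > MAX_LENGTH:
        raise ValueError("formula too long")
    tokens = []
    for m in _TOKEN_RE.finditer(formula):
        tok = m.group()
        if tok not in _OPERATORS and not (
            tok[0].isdigit() or tok[0].isalpha() or tok[0] == "_"
        ):
            raise ValueError(f"unexpected character {tok!r}")
        tokens.append(tok)
    parser = _Parser(tokens, fields or {})
    value = parser.expr()
    if parser.pos != len(tokens):
        raise ValueError(f"unexpected token {parser._peek()!r}")
    return value


def check(formula: str, fields=None):
    """Return ('ok', value) or ('error', message) for a formula."""
    try:
        return ("ok", evaluate(formula, fields))
    except ValueError as exc:
        return ("error", str(exc))
```

check("(" * 100 + "1" + ")" * 100) returns ('error', 'formula nested too deeply') at a fixed, small depth, and "1;system('id')" is rejected by the tokeniser before any evaluation happens; neither outcome depends on a filter being complete. The point of the design is that there is no code path from formula text to code execution at all, so a parser bug degrades to a wrong number or an error, not to RCE.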
References (3)
https://github.com/YesWiki/yeswiki/releases/tag/v4.6.6 (x_refsource_misc)
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-px5m-h76g-p7p8 (x_refsource_confirm)
https://github.com/YesWiki/yeswiki/commit/dd2bd8fb099de0d21504bda8a810693b3fcb8e52 (x_refsource_misc)
Scores
CVSS v3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0056 (0.56%)
EPSS Percentile: 42.0%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-1333 (Inefficient Regular Expression Complexity), CWE-94 (Improper Control of Generation of Code, 'Code Injection')
Status: published
Products (1)
YesWiki/yeswiki < 4.6.6
Published: Jun 08, 2026
Tracked Since: Jun 09, 2026