CVE-2026-40044 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 13, 2026
Pachno - Remote Code Execution
Overview
Pachno 1.0.6 contains an insecure deserialization vulnerability caused by unserializing attacker-controlled serialized objects in world-writable cache files during framework bootstrap, letting unauthenticated attackers execute arbitrary code.
Impact
Unauthenticated attackers can execute arbitrary code remotely, potentially leading to full system compromise.
Mitigation
Update to the latest version that fixes this vulnerability.
Social Media Activity (2 posts)
CVE-2026-40044 - Critical (9.8) Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files... https://www.thehackerwire.com/vulnerability/CVE-2026-40044/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-40044
- Severity: Critical
- CVSS Score: 9.8
- Type: insecure_deserialization
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-502
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H