CVEbaza.plCWE DictionaryCWE-479
Common Weakness Enumeration

CWE-479

Signal Handler Use of a Non-reentrant Function

Category: VariantCVE: 2
Description

The product defines a signal handler that calls a non-reentrant function.

CVE vulnerabilities with CWE-479 (2)
8.6
CVSS
HIGH
CVE-2026-44011

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled condition field layouts data is converted into a live FieldLayout object without a Component::cleanseConfig() boundary. Because Craft configures models before parent::__construct(), attacker-controlled special config keys can take effect during object creation, and FieldLayout initialization then triggers a same-request event. This vulnerability is fixed in 4.17.12 and 5.9.18.

pub. 2026-05-12
7.8
CVSS
HIGH
CVE-2021-26948

Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.

pub. 2022-03-03
Information
ID: CWE-479
Type: Variant
Vulnerabilities: 2
MITRE CWE ↗
← CWE Dictionary
CWE-479 — Signal Handler Use of a Non-reentrant Function | CWE Dictionary | CVEbaza.pl