CVE Vulnerabilities

CVE-2026-25233

Operator Precedence Logic Error

Published: Feb 03, 2026 | Modified: Feb 05, 2026
CVSS 3.x
9.1
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0.

Weakness

The product uses an expression in which operator precedence causes incorrect logic to be used.

Affected Software

NameVendorStart VersionEnd Version
PearwebPear*1.33.0 (excluding)

Potential Mitigations

References