ASR AI Security Radar
Methodology Recent Incidents Get Notified

Back to incidents

AI security incident: FrankenPHP's unicode case-folding length expansion causes incorrect split_path index...

Incident date: February 12, 2026 | Published: February 25, 2026 | Source: GitHub Security Advisory | Classification confidence: 53%

This incident is part of the public archive and includes explicit AI-related signals from the cited source material. Review methodology.

Summary FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index (for finding .php ) on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower() in Go can increase the byte length of certain UTF-8 characters (e.g., Ⱥ expands when lowercased), the computed index may not align with the correct position in the original string. This results in an incorrect SCRIPT_NAME and SCRIPT_FILENAME , potentially causing FrankenPHP to execute a file other than the one intended by the URI. ### **Details** The vulnerability resides in the splitPos() function and its usage within splitCgiPath() .

Why This Is AI-Related

This page is treated as AI-specific because the source material references copilot, which places the issue inside an AI workflow, model, assistant, or supporting dependency rather than a generic software bulletin.

  • copilot

Affected Workflow

Review the AI product, dependency, and integration points mentioned in the source advisory before broadening remediation.

Likely Attack Path

The advisory indicates a security path that can affect AI applications, assistants, models, or connected automation workflows if the component is deployed.

Impact

The issue can create a path to command execution inside an AI-facing product, plugin, copilot, or supporting service runtime. Severity HIGH. Classification confidence 53%. Source channel GHSA.

Detection And Triage Signals

  • New security events tied to the affected component or advisory identifier
  • Changes in AI workflow behavior, access logs, or plugin execution after the advisory window
  • Evidence that the vulnerable version is active in environments that process sensitive data

Recommended Response

  • Identify every environment that runs the affected AI plugin, assistant, CLI, or supporting package.
  • Patch or isolate the vulnerable component and remove risky execution permissions while validation is in progress.
  • Review process execution, outbound connections, and file-write logs for signs of post-exploitation activity.

Compliance And Business Impact

Even when exploit details are still emerging, delayed triage can widen operational and compliance exposure around AI systems.

Sources

Want alerts like this in real time?

Get notified with incident context, likely impact, and response guidance.

Get Notified

More incidents