CompilerRuntime code injection via unescaped function names

PKSA-mnyp-475s-ywph CVE-2026-54133

Affected version: <2.9.1

Reported by:
FriendsOfPHP/security-advisories