[05:34:09] project cache dir: /data/pruva/project-cache/c431373e-3d22-4a59-aad9-ea7d91c40bf5 [05:34:09] patched source tree already present and patched, reusing [05:34:09] patched image phpbb-cve2026-48611:patched already present, reusing [05:34:09] container phpbb-cve2026-48611-patched-verify healthy 65: $auth_provider = $provider_collection->get_provider(); [05:34:09] patched ucp_login_link.php confirmed inside container (no-arg get_provider()) [05:34:09] === TEST A: exploit (wrong password) against PATCHED build === [05:34:10] TEST A: session *_u = 1 (admin is 2); error block = 1; redirect-to-index = 0 [05:34:10] === TEST B: legitimate login (correct password) against PATCHED build === [05:34:10] TEST B: session *_u = 2 (admin is 2); redirect-to-index = 1 [05:34:10] TEST B: admin indicators on index page (ACP link count) = 2 [05:34:10] === CONTROL: exploit against UNPATCHED :vuln image === [05:34:11] container phpbb-cve2026-48611-vuln-verify healthy [05:34:11] CONTROL: session *_u = 2 (admin is 2) [05:34:12] VERDICT: exploit_blocked_on_patched=yes; legit_login_works_on_patched=yes; control_hijack_on_unpatched=yes [05:34:12] RESULT: PASS — CVE-2026-48611 fix verified (exploit blocked on patched 3.3.16, legitimate login-link login still works)