Pico 3.0.0-alpha.2 Exploit

Do not confuse this with picomatch, an unrelated JavaScript glob-matching library, which had its own vulnerability (CVE-2026-33672), a "method injection" issue in POSIX character classes. That bug was fixed in picomatch 3.0.2, a version number that has nothing to do with Pico CMS 3.0.0-alpha.2.

The attacker first checks whether the target is running the vulnerable version by requesting a non-existent page and looking for the PicoCMS-3.0.0-alpha.2 header in the 404 response. A version string in a header is only an indicator: it can be spoofed, stripped by a reverse proxy, or left in place on a patched build, so it confirms nothing on its own.

The attacker then sends a POST request to the index page with a malicious YAML payload in the X-Pico-Debug header (or in a theme parameter). Neither header nor parameter has any business carrying YAML from an unauthenticated client, so both are straightforward to flag at a proxy or in request logs.
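The two indicators above turned into a defensive check, as an added example that is not code from this page or from the Pico project: a small parser for raw HTTP messages, a fingerprint test that looks for the version marker in a 404 response, and a request test that flags a POST to the index page carrying YAML-like content in the X-Pico-Debug header or the theme parameter. The header names and the parameter name are taken from the text above; whether Pico emits the version string as a header name or a header value, the X-Powered-By header used in the sample, and how Pico consumes X-Pico-Debug are assumptions, so the check treats header values as opaque text and matches YAML by shape only. All sample messages are constructed.

```python
"""Flag the Pico 3.0.0-alpha.2 indicators described above in raw HTTP traffic.

Added example; not Pico's code. Header and parameter names come from the page,
everything about how Pico actually emits or reads them is assumed.
"""
import re
from urllib.parse import parse_qs, urlsplit

VULN_VERSION = "PicoCMS-3.0.0-alpha.2"

# Cheap YAML shape test: a "!tag"/"!!tag", a "---" document marker, or a
# "key: value" pair at the start of a line. Good enough for a request filter.
YAML_SHAPE_RE = re.compile(r"!!?[A-Za-z/]|^---|^\s*[\w.-]+\s*:\s", re.M)


def parse_http_message(raw: str):
    """Split a raw request or response into (start line, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def looks_like_yaml(text: str) -> bool:
    return bool(YAML_SHAPE_RE.search(text))


def response_fingerprints_vulnerable(raw_response: str) -> bool:
    """Step 1: does the (404) response advertise the vulnerable version?

    The page says the marker is "a header"; name or value is not specified,
    so both are searched (assumption).
    """
    _, headers, _ = parse_http_message(raw_response)
    haystack = " ".join(f"{k}: {v}" for k, v in headers.items())
    return VULN_VERSION.lower() in haystack.lower()


def request_is_suspicious(raw_request: str) -> list:
    """Step 2: reasons a request matches the exploit shape (empty list = clean)."""
    start, headers, body = parse_http_message(raw_request)
    parts = start.split()
    if len(parts) < 2:
        return []
    method, target = parts[0], parts[1]
    split = urlsplit(target)
    # Only the index page is in scope per the description above.
    if method.upper() != "POST" or split.path.rstrip("/") not in ("", "/index.php"):
        return []

    reasons = []
    dbg = headers.get("x-pico-debug")
    if dbg is not None:
        reasons.append("x-pico-debug header carries YAML-like content"
                       if looks_like_yaml(dbg) else "x-pico-debug header present")

    # Collect `theme` from the query string and, for form posts, from the body.
    params = parse_qs(split.query)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, values in parse_qs(body).items():
            params.setdefault(key, []).extend(values)
    if any(looks_like_yaml(v) for v in params.get("theme", [])):
        reasons.append("theme parameter carries YAML-like content")
    return reasons


# Constructed samples (not captured traffic). X-Powered-By is an assumed carrier.
VULN_RESPONSE = ("HTTP/1.1 404 Not Found\r\nServer: nginx\r\n"
                 "X-Powered-By: PicoCMS-3.0.0-alpha.2\r\nContent-Type: text/html\r\n\r\n"
                 "<html>not found</html>")
CLEAN_RESPONSE = ("HTTP/1.1 404 Not Found\r\nServer: nginx\r\n"
                  "Content-Type: text/html\r\n\r\n<html>not found</html>")
SUSPICIOUS_REQUEST = ("POST /?theme=default HTTP/1.1\r\nHost: example.test\r\n"
                      "X-Pico-Debug: config: {debug: true}\r\n"
                      "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                      "theme=---%0Aname%3A%20x")
BENIGN_REQUEST = ("POST / HTTP/1.1\r\nHost: example.test\r\n"
                  "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                  "theme=default")

if __name__ == "__main__":
    print("vulnerable fingerprint:", response_fingerprints_vulnerable(VULN_RESPONSE))
    print("clean fingerprint:", response_fingerprints_vulnerable(CLEAN_RESPONSE))
    print("suspicious request:", request_is_suspicious(SUSPICIOUS_REQUEST))
    print("benign request:", request_is_suspicious(BENIGN_REQUEST))
```

The request check is deliberately shape-based rather than tied to a particular payload: the page does not say what the YAML contains, and a filter keyed on one payload is trivially bypassed. Feed it decoded requests from a proxy or access-log enrichment that retains headers and bodies; ordinary access logs drop both, so the header indicator is invisible there.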