Security Alert (A26-05-20): Multiple Vulnerabilities in PHP


 

Published on: 13 May 2026

Description:

PHP has released security advisories to address multiple vulnerabilities in PHP. The detailed information about the vulnerabilities can be found at:
https://www.php.net/ChangeLog-8.php

 

Affected Systems:

  • PHP 8.5 version prior to 8.5.6
  • PHP 8.4 version prior to 8.4.21
  • PHP 8.3 version prior to 8.3.31
  • PHP 8.2 version prior to 8.2.31

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service or information disclosure on an affected system.

 

Recommendation:

Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.php.net/ChangeLog-8.php
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14179
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6104
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258 (to CVE-2026-7259)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261 (to CVE-2026-7263)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42371


Tag: PHP
Tags