RHSA-2026:22649HighCVSS 8.2

Red Hat Security Advisory: php8.4 security update

Published
June 2, 2026
Last Modified
June 5, 2026

🔗 CVE IDs covered (6)

CVE-2026-7568CVE-2026-6104CVE-2026-6735CVE-2026-7258CVE-2026-7262CVE-2026-7263

📋 Description

CVE-2026-6104 — php: global buffer over-read in mb_convert_encoding() with attacker-supplied encoding CVE-2026-6735 — PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation CVE-2026-7258 — PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7262 — php: NULL pointer dereference in SOAP apache:Map decoder with missing CVE-2026-7263 — php: denial of service via DOMNode::C14N() CVE-2026-7568 — php: signed integer overflow in metaphone()

🔗 References (9)