RHSA-2026:33449HighCVSS 7.7

Red Hat Security Advisory: php security update

Published
June 30, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2026-6722 — php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability CVE-2026-6735 — PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation CVE-2026-7258 — PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7259 — php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() CVE-2026-7261 — PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling CVE-2026-7262 — php: NULL pointer dereference in SOAP apache:Map decoder with missing CVE-2026-7568 — php: signed integer overflow in metaphone()

🔗 References (11)