RHSA-2026:34354HighCVSS 7.7
Red Hat Security Advisory: php:7.4 security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2026-6722 — php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability CVE-2026-6735 — PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation CVE-2026-7258 — PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7261 — PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling CVE-2026-7262 — php: NULL pointer dereference in SOAP apache:Map decoder with missing CVE-2026-7568 — php: signed integer overflow in metaphone()
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:34354
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468560
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468561
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468562
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468563
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468565
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2468566
- externalhttps://issues.redhat.com/browse/RHEL-181020
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34354.json