RHSA-2026:34354HighCVSS 7.7

Red Hat Security Advisory: php:7.4 security update

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2026-6722 — php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability CVE-2026-6735 — PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation CVE-2026-7258 — PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7261 — PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling CVE-2026-7262 — php: NULL pointer dereference in SOAP apache:Map decoder with missing CVE-2026-7568 — php: signed integer overflow in metaphone()

🔗 References (10)