Summary
PHP released emergency updates to fix five vulnerabilities, including two critical use-after-free flaws (CVE-2026-6722 and CVE-2026-7261) that allow unauthenticated remote code execution via the SOAP extension.
Take Action:
If you run PHP on your web servers, update immediately to version 8.2.31, 8.3.31, 8.4.21, or 8.5.6. If you can't patch right away, disable the SOAP extension as a temporary measure until the update is applied.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)