CVE-2026-7261 in PHPالمعلومات

الملخص

بحسب VulDB • 25/05/2026

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistance is handled incorrectly, resulting in freeing the object while keeping a pointer to it, which may lead to use-after-free. This may lead to memory corruption, information disclosure, or process crashes, with confidentiality, integrity, and availability impact on the vulnerable system.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Php

حجز

28/04/2026

إفشاء

10/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-362488

CPE

جاهز

CWE

CWE-416 (مؤكد)

CVSS

7.3 (VulDB)

EPSS

0.00073

KEV

لا

النشاطات

منخفض

القطاع

Insurance, Energy, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7261
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7261
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7261/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!