Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2026-7263
Vulnerability from osv_ubuntu
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libapache2-mod-php8.5",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "libphp8.5-embed",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-bcmath",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-bz2",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-cgi",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-cli",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-common",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-curl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-dba",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-enchant",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-fpm",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-gd",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-gmp",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-interbase",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-intl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-ldap",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-litespeed",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-mbstring",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-mysql",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-odbc",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-pgsql",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-phpdbg",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-readline",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-snmp",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-soap",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-sqlite3",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-sybase",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-tidy",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-xml",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-xsl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-zip",
"binary_version": "8.5.4-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "php8.5",
"purl": "pkg:deb/ubuntu/php8.5@8.5.4-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.5.4-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.5.2-0ubuntu1",
"8.5.4-0ubuntu1"
]
}
],
"aliases": [],
"details": "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N()\u00a0method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.",
"id": "UBUNTU-CVE-2026-7263",
"modified": "2026-06-30T16:18:39Z",
"published": "2026-05-10T06:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-7263"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7263"
},
{
"type": "REPORT",
"url": "https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8336-1"
}
],
"related": [
"USN-8336-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-7263"
]
}
CVE-2026-7263 (GCVE-0-2026-7263)
Vulnerability from cvelistv5 – Published: 2026-05-10 04:43 – Updated: 2026-07-15 00:40| URL | Tags |
|---|---|
| https://github.com/php/php-src/security/advisorie… | vendor-advisory |
| https://access.redhat.com/security/cve/CVE-2026-7263 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2468572 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:22649 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Group | PHP |
Affected:
8.4.* , < 8.4.21
(semver)
Affected: 8.5.* , < 8.5.6 (semver) |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:8.4.21-1.el10_2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T13:04:22.553796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:04:26.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "php8.4",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.4.21-1.el10_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "php",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "php",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "php",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "php:7.4/php",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "php:8.2/php",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "php",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "php:8.2/php",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "php:8.3/php",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"packageName": "php",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-10T04:43:04.483Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PHP. The `DOMNode::C14N()` method may incorrectly process XML data due to the improper removal of an `xmlns` attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive resource consumption, eventually resulting in a denial of service in the processing application."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:40:16.236Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-7263"
},
{
"name": "RHBZ#2468572",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468572"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7263.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22649"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:22649: Red Hat Enterprise Linux AppStream (v. 10)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-10T06:00:59.933Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-10T04:43:04.483Z",
"value": "Made public."
}
],
"title": "php: denial of service via DOMNode::C14N()",
"workarounds": [
{
"lang": "en",
"value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "dom",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.4.21",
"status": "affected",
"version": "8.4.*",
"versionType": "semver"
},
{
"lessThan": "8.5.6",
"status": "affected",
"version": "8.5.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nikita Sveshnikov (Positive Technologies)"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ilija Tovilo"
}
],
"datePublic": "2026-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, \u003ccode\u003eDOMNode::C14N()\u003c/code\u003e\u0026nbsp;method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N()\u00a0method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with unreachable exit condition (\u0027infinite loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T04:46:28.150Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733"
}
],
"source": {
"advisory": "GHSA-4jhr-8w89-j733",
"discovery": "EXTERNAL"
},
"title": "DoS attack via DOMNode::C14N()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2026-7263",
"datePublished": "2026-05-10T04:43:04.483Z",
"dateReserved": "2026-04-28T05:12:25.217Z",
"dateUpdated": "2026-07-15T00:40:16.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-8336-1
Vulnerability from osv_ubuntu
Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. (CVE-2025-14179)
It was discovered that PHP incorrectly handled certain encoding names in mbstring. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6104)
It was discovered that PHP incorrectly handled object references while parsing crafted SOAP requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-6722)
It was discovered that PHP incorrectly sanitized certain data in the PHP-FPM status page. A remote attacker could possibly use this issue to inject arbitrary JavaScript code. (CVE-2026-6735)
It was discovered that PHP had an encoding mismatch in mbstring. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2026-7259)
It was discovered that PHP incorrectly handled SOAP session persistence after errors. A remote attacker could possibly use this issue to obtain sensitive information or cause PHP to crash, resulting in a denial of service. (CVE-2026-7261)
It was discovered that PHP incorrectly handled missing values in SOAP typemap decoding. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2026-7262)
It was discovered that PHP incorrectly handled XML canonicalization in DOMNode::C14N(). An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-7263)
It was discovered that PHP incorrectly handled very long input in metaphone(). An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2026-7568)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-14179",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6722",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6735",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7259",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7261",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7262",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7568",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libapache2-mod-php7.4",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "libapache2-mod-php8.0",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "libapache2-mod-php8.1",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "libphp8.1-embed",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-bcmath",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-bz2",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-cgi",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-cli",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-common",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-curl",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-dba",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-enchant",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-fpm",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-gd",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-gmp",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-imap",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-interbase",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-intl",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-ldap",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-mbstring",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-mysql",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-odbc",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-opcache",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-pgsql",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-phpdbg",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-pspell",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-readline",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-snmp",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-soap",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-sqlite3",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-sybase",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-tidy",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-xml",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-xsl",
"binary_version": "8.1.2-1ubuntu2.24"
},
{
"binary_name": "php8.1-zip",
"binary_version": "8.1.2-1ubuntu2.24"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "php8.1",
"purl": "pkg:deb/ubuntu/php8.1@8.1.2-1ubuntu2.24?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.2-1ubuntu2.24"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.1.0~rc4-1ubuntu2",
"8.1.0-1",
"8.1.2-1ubuntu1",
"8.1.2-1ubuntu2",
"8.1.2-1ubuntu2.1",
"8.1.2-1ubuntu2.2",
"8.1.2-1ubuntu2.3",
"8.1.2-1ubuntu2.4",
"8.1.2-1ubuntu2.5",
"8.1.2-1ubuntu2.6",
"8.1.2-1ubuntu2.8",
"8.1.2-1ubuntu2.9",
"8.1.2-1ubuntu2.10",
"8.1.2-1ubuntu2.11",
"8.1.2-1ubuntu2.13",
"8.1.2-1ubuntu2.14",
"8.1.2-1ubuntu2.15",
"8.1.2-1ubuntu2.17",
"8.1.2-1ubuntu2.18",
"8.1.2-1ubuntu2.19",
"8.1.2-1ubuntu2.20",
"8.1.2-1ubuntu2.21",
"8.1.2-1ubuntu2.22",
"8.1.2-1ubuntu2.23"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-14179",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6722",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6735",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7259",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7261",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7262",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7568",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libapache2-mod-php8.3",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "libphp8.3-embed",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-bcmath",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-bz2",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-cgi",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-cli",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-common",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-curl",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-dba",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-enchant",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-fpm",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-gd",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-gmp",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-imap",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-interbase",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-intl",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-ldap",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-mbstring",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-mysql",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-odbc",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-opcache",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-pgsql",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-phpdbg",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-pspell",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-readline",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-snmp",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-soap",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-sqlite3",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-sybase",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-tidy",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-xml",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-xsl",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
},
{
"binary_name": "php8.3-zip",
"binary_version": "8.3.6-0ubuntu0.24.04.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "php8.3",
"purl": "pkg:deb/ubuntu/php8.3@8.3.6-0ubuntu0.24.04.9?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.3.6-0ubuntu0.24.04.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.3.0-1",
"8.3.0-1ubuntu1",
"8.3.4-1",
"8.3.4-1build1",
"8.3.6-0maysync1",
"8.3.6-0ubuntu0.24.04.1",
"8.3.6-0ubuntu0.24.04.2",
"8.3.6-0ubuntu0.24.04.3",
"8.3.6-0ubuntu0.24.04.4",
"8.3.6-0ubuntu0.24.04.5",
"8.3.6-0ubuntu0.24.04.6",
"8.3.6-0ubuntu0.24.04.7",
"8.3.6-0ubuntu0.24.04.8"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-14179",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6104",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6722",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6735",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7259",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7261",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7262",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7568",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libapache2-mod-php8.4",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "libphp8.4-embed",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-bcmath",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-bz2",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-cgi",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-cli",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-common",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-curl",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-dba",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-enchant",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-fpm",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-gd",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-gmp",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-interbase",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-intl",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-ldap",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-mbstring",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-mysql",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-odbc",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-opcache",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-pgsql",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-phpdbg",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-readline",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-snmp",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-soap",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-sqlite3",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-sybase",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-tidy",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-xml",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-xsl",
"binary_version": "8.4.11-1ubuntu1.2"
},
{
"binary_name": "php8.4-zip",
"binary_version": "8.4.11-1ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "php8.4",
"purl": "pkg:deb/ubuntu/php8.4@8.4.11-1ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.4.11-1ubuntu1.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.4.5-1ubuntu1",
"8.4.8-1ubuntu1",
"8.4.11-1ubuntu1",
"8.4.11-1ubuntu1.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-14179",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6104",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6722",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6735",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7259",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7261",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7262",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7263",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7568",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:26.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libapache2-mod-php8.5",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "libphp8.5-embed",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-bcmath",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-bz2",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-cgi",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-cli",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-common",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-curl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-dba",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-enchant",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-fpm",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-gd",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-gmp",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-interbase",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-intl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-ldap",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-litespeed",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-mbstring",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-mysql",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-odbc",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-pgsql",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-phpdbg",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-readline",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-snmp",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-soap",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-sqlite3",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-sybase",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-tidy",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-xml",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-xsl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-zip",
"binary_version": "8.5.4-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "php8.5",
"purl": "pkg:deb/ubuntu/php8.5@8.5.4-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.5.4-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.5.2-0ubuntu1",
"8.5.4-0ubuntu1"
]
}
],
"aliases": [],
"details": "Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly\nhandled NUL bytes when preparing SQL queries in the PDO Firebird driver. An\nattacker could possibly use this issue to perform SQL injection attacks.\n(CVE-2025-14179)\n\nIt was discovered that PHP incorrectly handled certain encoding names in\nmbstring. An attacker could possibly use this issue to obtain sensitive\ninformation or cause a denial of service. This issue only affected Ubuntu\n25.10 and Ubuntu 26.04 LTS. (CVE-2026-6104)\n\nIt was discovered that PHP incorrectly handled object references while\nparsing crafted SOAP requests. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2026-6722)\n\nIt was discovered that PHP incorrectly sanitized certain data in the\nPHP-FPM status page. A remote attacker could possibly use this issue to\ninject arbitrary JavaScript code. (CVE-2026-6735)\n\nIt was discovered that PHP had an encoding mismatch in mbstring. An\nattacker could possibly use this issue to cause PHP to crash, resulting in\na denial of service. (CVE-2026-7259)\n\nIt was discovered that PHP incorrectly handled SOAP session persistence\nafter errors. A remote attacker could possibly use this issue to obtain\nsensitive information or cause PHP to crash, resulting in a denial of\nservice. (CVE-2026-7261)\n\nIt was discovered that PHP incorrectly handled missing values in SOAP\ntypemap decoding. A remote attacker could possibly use this issue to cause\nPHP to crash, resulting in a denial of service. (CVE-2026-7262)\n\nIt was discovered that PHP incorrectly handled XML canonicalization in\nDOMNode::C14N(). An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 26.04 LTS.\n(CVE-2026-7263)\n\nIt was discovered that PHP incorrectly handled very long input in\nmetaphone(). An attacker could possibly use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2026-7568)",
"id": "USN-8336-1",
"modified": "2026-06-30T15:55:20Z",
"published": "2026-05-28T13:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8336-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14179"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6104"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6722"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-6735"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-7259"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-7261"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-7262"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-7263"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-7568"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "php8.1, php8.3, php8.4, php8.5 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2025-14179",
"UBUNTU-CVE-2026-6104",
"UBUNTU-CVE-2026-6722",
"UBUNTU-CVE-2026-6735",
"UBUNTU-CVE-2026-7259",
"UBUNTU-CVE-2026-7261",
"UBUNTU-CVE-2026-7262",
"UBUNTU-CVE-2026-7263",
"UBUNTU-CVE-2026-7568"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.