- Description
- In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistance is handled incorrectly, resulting in freeing the object while keeping a pointer to it, which may lead to use-after-free. This may lead to memory corruption, information disclosure, or process crashes, with confidentiality, integrity, and availability impact on the vulnerable system.
- Source
- security@php.net
- NVD status
- Analyzed
- Products
- php
CVSS 4.0
- Type
- Secondary
- Base score
- 6.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:M/U:Amber
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@php.net
- CWE-416
- Hype score
- Not currently trending
kusanagi-php83 Module Update 8.3.31-1 https://t.co/0x80HohKZ5 KUSANAGI 9 modules have been updated. The updated modules are as follows: php 8.3.31-1 This update includes support for vulnerability(CVE-2026-6735, CVE-2026-7259, CVE-2025-14179, CVE-2026-6722, CVE-2026-7261,...
@kusanagi_saya
13 May 2026
277 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
kusanagi-php82 Module Update 8.2.31-1 https://t.co/YxuOm7OObb KUSANAGI 9 modules have been updated. The updated modules are as follows: php 8.2.31-1 This update includes support for vulnerability(CVE-2026-6735, CVE-2026-7259, CVE-2025-14179, CVE-2026-6722, CVE-2026-7261,...
@kusanagi_saya
12 May 2026
203 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A892B6FF-F4EB-40C6-8DD0-D2246A71D271",
"versionEndExcluding": "8.2.31",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DBBB51D-F0C4-4CEC-9B6B-33D0BF0044A5",
"versionEndExcluding": "8.3.31",
"versionStartIncluding": "8.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA663C03-392C-41CC-BD11-4A1245203C42",
"versionEndExcluding": "8.4.21",
"versionStartIncluding": "8.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6101DA12-5AA1-4882-A52A-61FB74254F9A",
"versionEndExcluding": "8.5.6",
"versionStartIncluding": "8.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]