CVE-2026-7258

high
Published 2026-05-10 · Modified 2026-06-01
CVSS v3
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4
6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
VIR risk
7.5

Description

Important: php:8.2 security update

Predictions

Exploit likelihood
83%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · Open-Errata-API

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Description

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

Red Hat statement

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

| Product | Package | Advisory | Released |
| --- | --- | --- | --- |
| Red Hat Enterprise Linux 8 | php:8.2-8100020260521052503.f7998665 | RHSA-2026:22305 | 2026-06-01T00:00:00Z |
| Red Hat Enterprise Linux 9 | php:8.3-9080020260521113736.9 | RHSA-2026:22142 | 2026-06-01T00:00:00Z |
| Red Hat Enterprise Linux 9 | php:8.2-9080020260521080715.9 | RHSA-2026:22143 | 2026-06-01T00:00:00Z |
| Red Hat Hardened Images | php-main-8.5.6-1.hum1 | RHSA-2026:14125 | 2026-05-06T00:00:00Z |

Package state

| Product | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 10 | php | Fix deferred |
| Red Hat Enterprise Linux 10 | php8.4 | Fix deferred |
| Red Hat Enterprise Linux 6 | php | Fix deferred |
| Red Hat Enterprise Linux 7 | php | Fix deferred |
| Red Hat Enterprise Linux 8 | php:7.4/php | Fix deferred |
| Red Hat Enterprise Linux 9 | php | Fix deferred |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9 | Fix deferred |
| Red Hat OpenShift Dev Spaces | devspaces/code-rhel9 | Fix deferred |

Apply commands

Apply RHSA-2026:22305 for Red Hat Enterprise Linux 8
yum update -y php:8
# or:
dnf upgrade -y php:8

OS impact

SUSE: Affected, 1 release

| Version | Status | Fixed in |
| --- | --- | --- |
| — | Affected | — |

Windows: Affected, 1 release

| Version | Status | Fixed in |
| --- | --- | --- |
| — | Affected | — |

AlmaLinux: Fixed, 2 releases

| Version | Status | Fixed in |
| --- | --- | --- |
| 9 | Fixed | apcu-panel-5.1.23-1.module_el9.6.0+151+5f31e576.noarch.rpm |
| 8 | Fixed | apcu-panel-5.1.23-1.module_el8.10.0+3796+30ed3ef7.noarch.rpm |

Debian: Fixed, 5 releases

| Version | Status | Fixed in |
| --- | --- | --- |
| trixie | Fixed | 8.4.21-1~deb13u1 |
| sid | Fixed | 8.4.21-1 |
| forky | Fixed | 8.4.21-1 |
| bullseye | Fixed | 7.4.33-1+deb11u11 |
| bookworm | Fixed | 8.2.31-1~deb12u1 |

Red Hat: Fixed, 2 releases

| Version | Status | Fixed in |
| --- | --- | --- |
| 9 | Fixed | — |
| 8 | Fixed | — |

Application impact

| Vendor | Product | Versions | Fixed |
| --- | --- | --- | --- |
| php | php | >= 8.2.0, < 8.2.21 | 8.2.21 |

References

CWEs

CWE-125
