CVE-2026-7261 · CRITICAL 9.8 · EPSS p21.6%

Description

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, when a SOAP request results in an error, the persistence is handled incorrectly: the object is freed while a pointer to it is kept, which may lead to a use-after-free. This may lead to memory corruption, information disclosure, or process crashes, with confidentiality, integrity, and availability impact on the vulnerable system.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.30% probability of exploitation · percentile 21.6% · 2026-06-19T12:03:05Z
Published: 2026-05-10
Last modified: 2026-05-12

Underlying weaknesses · 1

CWE-416

References

  1. https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q

Type | Target | Confidence | Tier
Weakness | Use After Free (cwe-416) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-6722
  2. CVE-2026-2436
  3. CVE-2026-42473
  4. CVE-2026-42472
  5. CVE-2026-37552
  6. CVE-2026-6104

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.