Critical PHP Vulnerabilities Enable DoS Attacks on Web Applications
ID: 0f13788a-1227-5a78-b735-3e7119c8ea5f
STIX ID: report--0f13788a-1227-5a78-b735-3e7119c8ea5f
Feed Name: ThreatCluster
Threat Score
Two critical PHP vulnerabilities were disclosed: CVE-2026-12184, which can be remotely triggered to cause denial-of-service by crashing PHP-FPM during TLS initialization failures, and CVE-2026-14355, which causes memory corruption in PHP's OpenSSL extension due to incorrect buffer sizing. Both flaws affect multiple PHP versions prior to 8.3.32, 8.4.21, and 8.5.6, have been patched, and administrators are urged to update immediately to mitigate service disruption and instability.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
