logo

Critical PHP Vulnerabilities Enable DoS Attacks on Web Applications

ID: 0f13788a-1227-5a78-b735-3e7119c8ea5f

STIX ID: report--0f13788a-1227-5a78-b735-3e7119c8ea5f

Feed Name: ThreatCluster

Threat Score
55/100

Date Published: 2026-07-06

Date Updated: 2026-07-07

...
...

Two critical PHP vulnerabilities were disclosed: CVE-2026-12184, which can be remotely triggered to cause denial-of-service by crashing PHP-FPM during TLS initialization failures, and CVE-2026-14355, which causes memory corruption in PHP's OpenSSL extension due to incorrect buffer sizing. Both flaws affect multiple PHP versions prior to 8.3.32, 8.4.21, and 8.5.6, have been patched, and administrators are urged to update immediately to mitigate service disruption and instability.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.