New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

2 months ago [email protected] (The Hacker News)
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released


Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution.
The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below –

CVE-2026-40176 (CVSS

The post “New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: , , ,

More Stories

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

3 hours ago [email protected] (The Hacker News)

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

5 hours ago [email protected] (The Hacker News)

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

9 hours ago [email protected] (The Hacker News)

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

11 hours ago [email protected] (The Hacker News)

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

12 hours ago [email protected] (The Hacker News)

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

13 hours ago [email protected] (The Hacker News)