Mageia 9 PHP Critical Security Advisory MGASA-2026-0127 CVE-2026-6735

mageia

May 13, 2026

MGASA-2026-0127 - Updated php packages fix security vulnerabilities

Summary

Description: FPM: Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735) MBString: Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259) OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDO_Firebird: Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179) SOAP: - Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722) - Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) - Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262) Standard: - Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568) - Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258)

References

- https://bugs.mageia.org/show_bug.cgi?id=35481

- https://www.php.net/ChangeLog-8.php#8.2.31

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6735

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7259

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14179

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6722

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7261

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7262

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7568

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7258

Topics Covered

security advisory critical php remote code execution input validation Mageia

Resolution

SRPMS

- 9/core/php-8.2.31-1.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 13 May 2026

URL: https://advisories.mageia.org/MGASA-2026-0127.html

Type: security

CVE: CVE-2026-6735, CVE-2026-7259, CVE-2025-14179, CVE-2026-6722, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568, CVE-2026-7258

Topics Covered

security advisory critical php remote code execution input validation Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 9 PHP Critical Security Advisory MGASA-2026-0127 CVE-2026-6735

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 9 PHP Critical Security Advisory MGASA-2026-0127 CVE-2026-6735

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!