Gbhackers
Critical PHP Vulnerabilities Enable DoS Attacks on Web Applications
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two critical vulnerabilities in PHP, CVE-2026-12184 and CVE-2026-14355, have been disclosed, posing significant risks to web applications. CVE-2026-12184 allows attackers to trigger denial-of-service (DoS) conditions by exploiting flaws in PHP's HTTP stream-handling logic during TLS initialization failures. This can lead to crashes of the PHP FastCGI Process Manager (PHP-FPM), affecting multiple PHP versions prior to 8.3.32, 8.4.21, and 8.5.6. The second vulnerability, CVE-2026-14355, involves memory corruption in PHP's OpenSSL extension due to improper buffer sizing, which could also lead to application instability. Both vulnerabilities have been patched, and users are urged to update their PHP installations immediately to mitigate risks. The vulnerabilities were identified through automated analysis techniques, highlighting the importance of robust security practices in web development.
Key Points: • CVE-2026-12184 allows remote DoS attacks by exploiting TLS initialization failures. • CVE-2026-14355 involves memory corruption due to improper buffer sizing in OpenSSL. • Website owners must update to patched PHP versions immediately to prevent service disruptions.