Linuxsecurity
Critical XSS and Memory Vulnerabilities in Oracle PHP Releases
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Oracle has released important security updates for PHP versions 7.4 and 8.0, addressing multiple vulnerabilities including critical cross-site scripting (XSS) flaws and memory management issues. The updates fix CVE-2026-6735, which allows XSS attacks through the status endpoint, and CVE-2026-7259, which involves a null pointer dereference in the mb_check_encoding function. Other vulnerabilities include CVE-2026-6722, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568, and CVE-2026-7258, all published on 2026-05-10. Affected systems include Oracle Linux 8 and 9, with specific updates for PHP 7.4 and 8.0. Users are urged to apply these patches immediately to mitigate potential exploitation risks. The vulnerabilities could lead to unauthorized access and data breaches if left unaddressed.
Key Points: • Critical XSS vulnerability (CVE-2026-6735) fixed in Oracle PHP updates. • Multiple memory management issues addressed in PHP versions 7.4 and 8.0. • Patches available for Oracle Linux 8 and 9; immediate application recommended.