Lucene search
K

Fedora 44 : php (2026-c66eaae759)

🗓️ 10 May 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 21 Views

Fedora 44 PHP 8.5.6 fixes multiple vulnerabilities per FEDORA-2026-c66eaae759 advisory.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-6735
10 May 202603:27
attackerkb
ATTACKERKB
CVE-2025-14179
10 May 202603:51
attackerkb
ATTACKERKB
CVE-2026-6722
10 May 202604:19
attackerkb
ATTACKERKB
CVE-2026-29079
13 Mar 202617:19
attackerkb
ATTACKERKB
CVE-2026-7568
10 May 202603:42
attackerkb
ATTACKERKB
CVE-2026-29078
13 Mar 202617:18
attackerkb
ATTACKERKB
CVE-2026-7259
10 May 202604:13
attackerkb
ATTACKERKB
CVE-2026-7263
10 May 202604:43
attackerkb
ATTACKERKB
CVE-2026-7261
10 May 202604:07
attackerkb
ATTACKERKB
CVE-2026-7258
10 May 202604:28
attackerkb
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-c66eaae759
#

include('compat.inc');

if (description)
{
  script_id(313734);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/15");

  script_cve_id(
    "CVE-2025-14179",
    "CVE-2026-6104",
    "CVE-2026-6722",
    "CVE-2026-6735",
    "CVE-2026-7258",
    "CVE-2026-7259",
    "CVE-2026-7261",
    "CVE-2026-7262",
    "CVE-2026-7263",
    "CVE-2026-7568",
    "CVE-2026-29078",
    "CVE-2026-29079"
  );
  script_xref(name:"FEDORA", value:"2026-c66eaae759");
  script_xref(name:"IAVA", value:"2026-A-0440");

  script_name(english:"Fedora 44 : php (2026-c66eaae759)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2026-c66eaae759 advisory.

    **PHP version 8.5.6** (07 May 2026)

    **Core:**

    * Fixed bug [GH-19983](https://github.com/php/php-src/issues/19983) (GC assertion failure with fibers,
    generators and destructors). (iliaal)
    * Fixed ZEND_API mismatch on zend_ce_closure forward decl for Windows+Clang. (henderkes)
    * Fixed bug [GH-21504](https://github.com/php/php-src/issues/21504) (Incorrect RC-handling for
    ZEND_EXT_STMT op1). (ilutov)
    * Fixed bug [GH-21478](https://github.com/php/php-src/issues/21478) (Forward property operations to real
    instance for initialized lazy proxies). (iliaal)
    * Fixed bug [GH-21605](https://github.com/php/php-src/issues/21605) (Missing addref for
    Countable::count()). (ilutov)
    * Fixed bug [GH-21699](https://github.com/php/php-src/issues/21699) (Assertion failure in
    shutdown_executor when resolving self::/parent::/static:: callables if the error handler throws).
    (macoaure)
    * Fixed bug [GH-21603](https://github.com/php/php-src/issues/21603) (Missing addref for __unset). (ilutov)
    * Fixed bug [GH-21760](https://github.com/php/php-src/issues/21760) (Trait with class constant name
    conflict against enum case causes SEGV). (Pratik Bhujel)

    **CLI:**

    * Fixed bug [GH-21754](https://github.com/php/php-src/issues/21754) (`--rf` command line option with a
    method triggers ext/reflection deprecation warnings). (DanielEScherzer)

    **Curl:**

    * Add support for brotli and zstd on Windows. (Shivam Mathur)

    **DOM:**

    * Fixed [GHSA-4jhr-8w89-j733](https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733) and
    [GH-21566](https://github.com/php/php-src/issues/21566) (Dom\XMLDocument::C14N() emits duplicate xmlns
    declarations after setAttributeNS()). (**CVE-2026-7263**) (David Carlier)

    **FPM:**

    * Fixed [GHSA-7qg2-v9fj-4mwv](https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv) (XSS
    within status endpoint). (**CVE-2026-6735**) (Jakub Zelenka)

    **Iconv:**

    * Fixed bug [GH-17399](https://github.com/php/php-src/issues/17399) (iconv memory leak on bailout).
    (iliaal)

    **Lexbor:**

    * Upgrade to lexbor v2.7.0. (**CVE-2026-29078**, **CVE-2026-29079**) (ndossche, ilutov)

    **MBString:**

    * Fixed [GHSA-wm6j-2649-pv75](https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75)
    (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (**CVE-2026-7259**)
    (vi3tL0u1s)
    * Fixed [GHSA-74r9-qxhc-fx53](https://github.com/php/php-src/security/advisories/GHSA-74r9-qxhc-fx53)
    (Out-of-bounds access in mbfl_name2encoding_ex()). (**CVE-2026-6104**) (ilutov)

    **Opcache:**

    * Fixed bug [GH-21158](https://github.com/php/php-src/issues/21158) (JIT: Assertion jit->ra[var].flags &
    (1<<0) failed in zend_jit_use_reg). (Arnaud)
    * Fixed bug [GH-21593](https://github.com/php/php-src/issues/21593) (Borked function JIT JMPNZ smart
    branch). (ilutov)
    * Fixed bug [GH-21460](https://github.com/php/php-src/issues/21460) (COND optimization regression).
    (Dmitry, Arnaud)
    * Fixed faulty returns out of zend_try block in zend_jit_trace(). (ilutov)

    **OpenSSL:**

    * Fix memory leak regression in openssl_pbkdf2(). (ndossche)
    * Fix a bunch of memory leaks and crashes on edge cases. (ndossche)

    **PDO_Firebird:**

    * Fixed [GHSA-w476-322c-wpvm](https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm) (SQL
    injection via NUL bytes in quoted strings). (**CVE-2025-14179**) (SakiTakamachi)

    **PDO_PGSQL:**

    * Fixed bug [GH-21683](https://github.com/php/php-src/issues/21683) (pdo_pgsql throws with ATTR_PREFETCH=0
    on empty result set). (thomasschiet)

    **Phar:**

    * Restore is_link handler in phar_intercept_functions_shutdown. (iliaal)
    * Fixed bug [GH-21797](https://github.com/php/php-src/issues/21797) (phar: NULL dereference in
    Phar::webPhar() when SCRIPT_NAME is absent from SAPI environment). (iliaal)
    * Fix memory leak in Phar::offsetGet(). (iliaal)
    * Fix memory leak in phar_add_file(). (iliaal)
    * Fixed bug [GH-21799](https://github.com/php/php-src/issues/21799) (phar: propagate phar_stream_flush
    return value from phar_stream_close). (iliaal)
    * Fix memory leak in phar_verify_signature() when md_ctx is invalid. (JarneClauw)

    **Random:**

    * Fixed bug [GH-21731](https://github.com/php/php-src/issues/21731)
    (Random\Engine\Xoshiro256StarStar::__unserialize() accepts all-zero state). (iliaal)

    **Session:**

    * Fixed memory leak when session GC callback return a refcounted value. (jorgsowa)

    **SOAP:**

    * Fixed [GHSA-85c2-q967-79q5](https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5)
    (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (**CVE-2026-6722**) (ilutov)
    * Fixed [GHSA-m33r-qmcv-p97q](https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q)
    (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (**CVE-2026-7261**) (ilutov)
    * Fixed [GHSA-hmxp-6pc4-f3vv](https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv)
    (Broken Apache map value NULL check). (**CVE-2026-7262**) (ilutov)

    **SPL:**

    * Fixed bug [GH-21499](https://github.com/php/php-src/issues/21499) (RecursiveArrayIterator getChildren
    UAF after parent free). (Girgias)
    * Fix concurrent iteration and deletion issues in SplObjectStorage. (ndossche)

    **Sqlite3:**

    * Fixed wrong free list comparator pointer type. (David Carlier)

    **Standard:**

    * Fixed [GHSA-96wq-48vp-hh57](https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57)
    (Signed integer overflow of char array offset). (**CVE-2026-7568**) (TimWolla)
    * Fixed [GHSA-m8rr-4c36-8gq4](https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4)
    (Consistently pass unsigned char to ctype.h functions). (**CVE-2026-7258**) (ilutov)

    **Streams:**

    * Fixed bug [GH-21468](https://github.com/php/php-src/issues/21468) (Segfault in file_get_contents w/ a
    https URL and a proxy set). (ndossche)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-c66eaae759");
  script_set_attribute(attribute:"solution", value:
"Update the affected php package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/RE:M/U:Red");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-7261");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-6722");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:44");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^44([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 44', 'Fedora ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var constraints = [
  {
    'release': '44',
    'pkgs': [
      {'reference':'php-8.5.6-1.fc44', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 May 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.18.2 - 9.8
CVSS 49.5
EPSS0.0078
SSVC
21