CVE-2026-59882
The CVE affects guzzlehttp/psr7 (PSR-7 HTTP message library for PHP). Prior to version 2.12.3, Uri::assertValidHost() fails to reject authority delimiters, embedded ports, or malformed IPv6 brackets in host components, causing Uri::getHost() to disagree with the URI authority used for security or...