SUSE-SU-2026:1784-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url bsc1262255...

OPENSUSE-SU-2026:20670-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2025-67746: ANSI control characters injection in terminal output of various Composer commands via attacker controlled remote sources bsc1255768. - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definiti...

Important: composer

Issue Overview: Command injection via malicious Perforce repository definition CVE-2026-40176 Command injection via malicious Perforce source reference/url CVE-2026-40261 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.11.20260427 or dnf update --advisory...

BIT-COMPOSER-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

Exploit for CVE-2026-40176

CVE-2026-40176 Composer Perforce Repository Remote Code Ex...

FreeBSD : PHP Composer -- Multiple vulnerabilities (7a7a17b2-381c-11f1-a663-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a7a17b2-381c-11f1-a663-10ffe07f9334 advisory. Composer project reports: Fixed command injection via malicious Perforce reference...

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

UBUNTU-CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

PHP Composer -- Multiple vulnerabilities

Composer project reports: Fixed command injection via malicious Perforce reference GHSA-gqw4-4w2p-838q / CVE-2026-40261 Fixed command injection via malicious Perforce repository definition GHSA-wg36-wvj6-r67p / CVE-2026-40176...