CVE-2026-40261 | Composer Perforce Reference command injection

A vulnerability identified as critical has been detected in Composer. This affects an unknown part of the component Perforce Reference Handler. This manipulation causes command injection.

This vulnerability is tracked as CVE-2026-40261. The attack is possible to be carried out remotely. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More