CVE-2026-40176 | Composer up to 2.2.26/2.9.5 generateP4Command input validation (GHSA-wg36-wvj6-r67p)

A vulnerability marked as problematic has been reported in Composer up to 2.2.26/2.9.5. This issue affects the function Perforce::generateP4Command. This manipulation causes improper input validation.

This vulnerability appears as CVE-2026-40176. The attack requires local access. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More