CVE-2026-7258 | PHP up to 8.2.30/8.3.30/8.4.20/8.5.5 urldecode out-of-bounds (GHSA-m8rr-4c36-8gq4)

A vulnerability described as problematic has been identified in PHP up to 8.2.30/8.3.30/8.4.20/8.5.5. This vulnerability affects the function urldecode. Such manipulation leads to out-of-bounds read.

This vulnerability is documented as CVE-2026-7258. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More