CVE-2026-6104 | PHP up to 8.4.20/8.5.5 out-of-bounds (GHSA-74r9-qxhc-fx53)

May 10, 2026 Yanac

A vulnerability was found in PHP up to 8.4.20/8.5.5. It has been classified as critical. The impacted element is the function mb_convert_encoding/mb_detect_encoding/mb_convert_variables/mb_detect_order. This manipulation causes out-of-bounds read.

The identification of this vulnerability is CVE-2026-6104. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More