NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-7259

Summary	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-controlled input can influence the encoding passed to mb_regex_encoding().
Publication Date	May 10, 2026, 2:16 p.m.
Registration Date	May 11, 2026, 4:08 a.m.
Last Update	May 10, 2026, 2:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75	security@php.net

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html