FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PHP Composer -- Multiple vulnerabilities

Affected packages
php82-composer < 2.9.6
php83-composer < 2.9.6
php84-composer < 2.9.6
php85-composer < 2.9.6

Details

VuXML ID 7a7a17b2-381c-11f1-a663-10ffe07f9334
Discovery 2026-04-14
Entry 2026-04-14

Composer project reports:

Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)

Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)

[source]

References

CVE Name CVE-2026-40176
CVE Name CVE-2026-40261
URL https://github.com/composer/composer/releases/tag/2.9.6

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.