9.4
Debian Linux: Unprivileged users can read sensitive files
DEBIAN-CVE-2026-6722
Summary
A security issue in Debian Linux allows unprivileged users to access sensitive files on the system. This could potentially allow an attacker to gain more access to the system. To fix this issue, update your Debian Linux installation to the latest version.
What to do
- Update debian php8.2 to version 8.2.31-1~deb12u1.
- Update debian php8.4 to version 8.4.21-1~deb13u1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | php7.4 | All versions |
| Debian:12 | debian | php8.2 | < 8.2.31-1~deb12u1 (Fix: upgrade to 8.2.31-1~deb12u1) |
| Debian:13 | debian | php8.4 | < 8.4.21-1~deb13u1 (Fix: upgrade to 8.4.21-1~deb13u1) |
| Debian:14 | debian | php8.4 | All versions |
Original title
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global...
Original description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second entry overwrites the first in the temporary result map, freeing the original PHP object while its stale pointer remains in the map. A subsequent href reference to the freed node can copy the dangling pointer into the result. As PHP string allocations can reclaim the freed memory region, an attacker with control over the SOAP request body can exploit this use-after-free to achieve remote code execution.
- https://security-tracker.debian.org/tracker/CVE-2026-6722 Vendor Advisory
Published: 10 May 2026 · Updated: 13 May 2026 · First seen: 8 May 2026