{"id":"USN-8336-1","summary":"php8.1, php8.3, php8.4, php8.5 vulnerabilities","details":"Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly\nhandled NUL bytes when preparing SQL queries in the PDO Firebird driver. An\nattacker could possibly use this issue to perform SQL injection attacks.\n(CVE-2025-14179)\n\nIt was discovered that PHP incorrectly handled certain encoding names in\nmbstring. An attacker could possibly use this issue to obtain sensitive\ninformation or cause a denial of service. This issue only affected Ubuntu\n25.10 and Ubuntu 26.04 LTS. (CVE-2026-6104)\n\nIt was discovered that PHP incorrectly handled object references while\nparsing crafted SOAP requests. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2026-6722)\n\nIt was discovered that PHP incorrectly sanitized certain data in the\nPHP-FPM status page. A remote attacker could possibly use this issue to\ninject arbitrary JavaScript code. (CVE-2026-6735)\n\nIt was discovered that PHP had an encoding mismatch in mbstring. An\nattacker could possibly use this issue to cause PHP to crash, resulting in\na denial of service. (CVE-2026-7259)\n\nIt was discovered that PHP incorrectly handled SOAP session persistence\nafter errors. A remote attacker could possibly use this issue to obtain\nsensitive information or cause PHP to crash, resulting in a denial of\nservice. (CVE-2026-7261)\n\nIt was discovered that PHP incorrectly handled missing values in SOAP\ntypemap decoding. A remote attacker could possibly use this issue to cause\nPHP to crash, resulting in a denial of service. (CVE-2026-7262)\n\nIt was discovered that PHP incorrectly handled XML canonicalization in\nDOMNode::C14N(). An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 26.04 LTS.\n(CVE-2026-7263)\n\nIt was discovered that PHP incorrectly handled very long input in\nmetaphone(). An attacker could possibly use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2026-7568)","modified":"2026-05-28T16:02:42.132082882Z","published":"2026-05-28T13:31:37Z","related":["UBUNTU-CVE-2025-14179","UBUNTU-CVE-2026-6104","UBUNTU-CVE-2026-6722","UBUNTU-CVE-2026-6735","UBUNTU-CVE-2026-7259","UBUNTU-CVE-2026-7261","UBUNTU-CVE-2026-7262","UBUNTU-CVE-2026-7263","UBUNTU-CVE-2026-7568"],"upstream":["CVE-2025-14179","CVE-2026-6104","CVE-2026-6722","CVE-2026-6735","CVE-2026-7259","CVE-2026-7261","CVE-2026-7262","CVE-2026-7263","CVE-2026-7568","UBUNTU-CVE-2025-14179","UBUNTU-CVE-2026-6104","UBUNTU-CVE-2026-6722","UBUNTU-CVE-2026-6735","UBUNTU-CVE-2026-7259","UBUNTU-CVE-2026-7261","UBUNTU-CVE-2026-7262","UBUNTU-CVE-2026-7263","UBUNTU-CVE-2026-7568"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8336-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-14179"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-6104"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-6722"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-6735"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-7259"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-7261"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-7262"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-7263"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-7568"}],"affected":[{"package":{"name":"php8.1","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/php8.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1.2-1ubuntu2.24"}]}],"versions":["8.1.0~rc4-1ubuntu2","8.1.0-1","8.1.2-1ubuntu1","8.1.2-1ubuntu2","8.1.2-1ubuntu2.1","8.1.2-1ubuntu2.2","8.1.2-1ubuntu2.3","8.1.2-1ubuntu2.4","8.1.2-1ubuntu2.5","8.1.2-1ubuntu2.6","8.1.2-1ubuntu2.8","8.1.2-1ubuntu2.9","8.1.2-1ubuntu2.10","8.1.2-1ubuntu2.11","8.1.2-1ubuntu2.13","8.1.2-1ubuntu2.14","8.1.2-1ubuntu2.15","8.1.2-1ubuntu2.17","8.1.2-1ubuntu2.18","8.1.2-1ubuntu2.19","8.1.2-1ubuntu2.20","8.1.2-1ubuntu2.21","8.1.2-1ubuntu2.22","8.1.2-1ubuntu2.23"],"ecosystem_specific":{"binaries":[{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"libapache2-mod-php7.4"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"libapache2-mod-php8.0"},{"binary_name":"libapache2-mod-php8.1","binary_version":"8.1.2-1ubuntu2.24"},{"binary_name":"libphp8.1-embed","binary_version":"8.1.2-1ubuntu2.24"},{"binary_name":"php8.1","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-bcmath"},{"binary_name":"php8.1-bz2","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-cgi"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-cli"},{"binary_name":"php8.1-common","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-curl"},{"binary_name":"php8.1-dba","binary_version":"8.1.2-1ubuntu2.24"},{"binary_name":"php8.1-enchant","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-fpm"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-gd"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-gmp"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-imap"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-interbase"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-intl"},{"binary_name":"php8.1-ldap","binary_version":"8.1.2-1ubuntu2.24"},{"binary_name":"php8.1-mbstring","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-mysql"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-odbc"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-opcache"},{"binary_name":"php8.1-pgsql","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-phpdbg"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-pspell"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-readline"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-snmp"},{"binary_name":"php8.1-soap","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-sqlite3"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-sybase"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-tidy"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-xml"},{"binary_name":"php8.1-xsl","binary_version":"8.1.2-1ubuntu2.24"},{"binary_version":"8.1.2-1ubuntu2.24","binary_name":"php8.1-zip"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8336-1.json","cves_map":{"cves":[{"id":"CVE-2025-14179","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-6722","severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-6735","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7259"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7261"},{"id":"CVE-2026-7262","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7568"}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"php8.3","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/php8.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.3.6-0ubuntu0.24.04.9"}]}],"versions":["8.3.0-1","8.3.0-1ubuntu1","8.3.4-1","8.3.4-1build1","8.3.6-0maysync1","8.3.6-0ubuntu0.24.04.1","8.3.6-0ubuntu0.24.04.2","8.3.6-0ubuntu0.24.04.3","8.3.6-0ubuntu0.24.04.4","8.3.6-0ubuntu0.24.04.5","8.3.6-0ubuntu0.24.04.6","8.3.6-0ubuntu0.24.04.7","8.3.6-0ubuntu0.24.04.8"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-php8.3","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_name":"libphp8.3-embed","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-bcmath"},{"binary_name":"php8.3-bz2","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_name":"php8.3-cgi","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_name":"php8.3-cli","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-common"},{"binary_name":"php8.3-curl","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-dba"},{"binary_name":"php8.3-enchant","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_name":"php8.3-fpm","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-gd"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-gmp"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-imap"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-interbase"},{"binary_name":"php8.3-intl","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-ldap"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-mbstring"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-mysql"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-odbc"},{"binary_name":"php8.3-opcache","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_name":"php8.3-pgsql","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_name":"php8.3-phpdbg","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-pspell"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-readline"},{"binary_name":"php8.3-snmp","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_name":"php8.3-soap","binary_version":"8.3.6-0ubuntu0.24.04.9"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-sqlite3"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-sybase"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-tidy"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-xml"},{"binary_version":"8.3.6-0ubuntu0.24.04.9","binary_name":"php8.3-xsl"},{"binary_name":"php8.3-zip","binary_version":"8.3.6-0ubuntu0.24.04.9"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8336-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-14179"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6722"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6735"},{"id":"CVE-2026-7259","severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7261"},{"id":"CVE-2026-7262","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7568"}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"php8.4","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/php8.4?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4.11-1ubuntu1.2"}]}],"versions":["8.4.5-1ubuntu1","8.4.8-1ubuntu1","8.4.11-1ubuntu1","8.4.11-1ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"libapache2-mod-php8.4"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"libphp8.4-embed"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-bcmath"},{"binary_name":"php8.4-bz2","binary_version":"8.4.11-1ubuntu1.2"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-cgi"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-cli"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-common"},{"binary_name":"php8.4-curl","binary_version":"8.4.11-1ubuntu1.2"},{"binary_name":"php8.4-dba","binary_version":"8.4.11-1ubuntu1.2"},{"binary_name":"php8.4-enchant","binary_version":"8.4.11-1ubuntu1.2"},{"binary_name":"php8.4-fpm","binary_version":"8.4.11-1ubuntu1.2"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-gd"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-gmp"},{"binary_name":"php8.4-interbase","binary_version":"8.4.11-1ubuntu1.2"},{"binary_name":"php8.4-intl","binary_version":"8.4.11-1ubuntu1.2"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-ldap"},{"binary_name":"php8.4-mbstring","binary_version":"8.4.11-1ubuntu1.2"},{"binary_name":"php8.4-mysql","binary_version":"8.4.11-1ubuntu1.2"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-odbc"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-opcache"},{"binary_name":"php8.4-pgsql","binary_version":"8.4.11-1ubuntu1.2"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-phpdbg"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-readline"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-snmp"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-soap"},{"binary_name":"php8.4-sqlite3","binary_version":"8.4.11-1ubuntu1.2"},{"binary_name":"php8.4-sybase","binary_version":"8.4.11-1ubuntu1.2"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-tidy"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-xml"},{"binary_name":"php8.4-xsl","binary_version":"8.4.11-1ubuntu1.2"},{"binary_version":"8.4.11-1ubuntu1.2","binary_name":"php8.4-zip"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8336-1.json","cves_map":{"cves":[{"id":"CVE-2025-14179","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6104"},{"id":"CVE-2026-6722","severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6735"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7259"},{"id":"CVE-2026-7261","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-7262","severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-7568","severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.10"}}},{"package":{"name":"php8.5","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/php8.5?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.4-0ubuntu1.1"}]}],"versions":["8.5.2-0ubuntu1","8.5.4-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"libapache2-mod-php8.5"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"libphp8.5-embed"},{"binary_name":"php8.5","binary_version":"8.5.4-0ubuntu1.1"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-bcmath"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-bz2"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-cgi"},{"binary_name":"php8.5-cli","binary_version":"8.5.4-0ubuntu1.1"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-common"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-curl"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-dba"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-enchant"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-fpm"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-gd"},{"binary_name":"php8.5-gmp","binary_version":"8.5.4-0ubuntu1.1"},{"binary_name":"php8.5-interbase","binary_version":"8.5.4-0ubuntu1.1"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-intl"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-ldap"},{"binary_name":"php8.5-litespeed","binary_version":"8.5.4-0ubuntu1.1"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-mbstring"},{"binary_name":"php8.5-mysql","binary_version":"8.5.4-0ubuntu1.1"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-odbc"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-pgsql"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-phpdbg"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-readline"},{"binary_name":"php8.5-snmp","binary_version":"8.5.4-0ubuntu1.1"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-soap"},{"binary_name":"php8.5-sqlite3","binary_version":"8.5.4-0ubuntu1.1"},{"binary_version":"8.5.4-0ubuntu1.1","binary_name":"php8.5-sybase"},{"binary_name":"php8.5-tidy","binary_version":"8.5.4-0ubuntu1.1"},{"binary_name":"php8.5-xml","binary_version":"8.5.4-0ubuntu1.1"},{"binary_name":"php8.5-xsl","binary_version":"8.5.4-0ubuntu1.1"},{"binary_name":"php8.5-zip","binary_version":"8.5.4-0ubuntu1.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8336-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-14179"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6104"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6722"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/S:P/AU:Y/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-6735"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7259"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7261"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7262"},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-7263"},{"id":"CVE-2026-7568","severity":[{"score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:26.04:LTS"}}}],"schema_version":"1.7.5"}