Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
PHP Out-of-bounds Read Vulnerability - CVE-2026-7258 - Vulnerability Database
PHP

PHP Out-of-bounds Read Vulnerability - CVE-2026-7258

High
Reference: CVE-2026-7258
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-7258
Title: PHP Out-of-bounds Read Vulnerability
Overview:

In PHP versions 8.2. before 8.2.31 8.3. before 8.3.31 8.4. before 8.4.21 and 8.5. before 8.5.6 some functions including urldecode() pass signed char to ctype functions (likeisxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can lead to accessing array with negative offset whichcan trigger a denial of service.