PT-2026-39457 · Php+2

Akshay Jain +1 · Published 2026-05-10 · Updated 2026-05-28 · CVE-2026-6104

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: PHP versions 8.4.0 through 8.4.20; PHP versions 8.5.0 through 8.5.5.

Description: An issue exists in the mbstring extension where passing an encoding name containing an embedded NUL byte to certain functions causes the code to incorrectly assume strings are of equal length when strncasecmp() returns 0. This can result in an out-of-bounds read of global memory, which may lead to information disclosure or a system crash. Affected functions include mb_convert_encoding(), mb_detect_encoding(), mb_convert_variables(), and mb_detect_order(). Additionally, the mbstring.detect_order and mbstring.http_output INI settings are affected.

Recommendations: Update PHP version 8.4.x to 8.4.21. Update PHP version 8.5.x to 8.5.6.
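Illustration of the comparison pitfall the description names, added here and not PHP's own mbstring code: a hypothetical encoding-name lookup that treats strncasecmp() == 0 as "identical" beside a hardened version that rejects embedded NUL and checks lengths first. The encoding table and the input name are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for a global table of encoding names. This is an
 * illustration of the comparison pattern described above, not PHP's code. */
static const char *const kEncodings[] = { "ASCII", "UTF-8", "UTF-16" };
#define N_ENC (sizeof kEncodings / sizeof kEncodings[0])

/* Constructed input: a 10-byte name with an embedded NUL after "UTF-8". */
static const char kNulName[] = "UTF-8\0junk";
#define NUL_NAME_LEN (sizeof kNulName - 1)

/* Weak pattern: strncasecmp() stops at the first NUL in either string, so a
 * 0 result does not mean the two names have the same length. "UTF-8\0junk"
 * (10 bytes) and a bare prefix such as "UTF" both "match" "UTF-8" here.
 * Returns the table index or -1. */
static int lookup_weak(const char *name, size_t len) {
    for (size_t i = 0; i < N_ENC; i++)
        if (strncasecmp(name, kEncodings[i], len) == 0)
            return (int)i;
    return -1;
}

/* Bytes a later len-byte read of the matched entry would touch past its end
 * (computed with strlen, so nothing out of bounds is read here). */
static size_t overread_bytes(const char *name, size_t len) {
    int idx = lookup_weak(name, len);
    if (idx < 0) return 0;
    size_t entry_len = strlen(kEncodings[idx]);
    return len > entry_len ? len - entry_len : 0;
}

/* Hardened: reject embedded NUL and require equal lengths before the
 * case-insensitive compare, so 0 from strncasecmp() really means identical. */
static int lookup_hardened(const char *name, size_t len) {
    if (memchr(name, '\0', len) != NULL)
        return -1;
    for (size_t i = 0; i < N_ENC; i++)
        if (strlen(kEncodings[i]) == len && strncasecmp(name, kEncodings[i], len) == 0)
            return (int)i;
    return -1;
}

int main(void) {
    printf("weak=%d overread=%zu hardened=%d\n", lookup_weak(kNulName, NUL_NAME_LEN),
           overread_bytes(kNulName, NUL_NAME_LEN), lookup_hardened(kNulName, NUL_NAME_LEN));
    return 0;
}
```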

Fix

Out-of-bounds Read


Weakness Enumeration

Related Identifiers

BIT-LIBPHP-2026-6104
BIT-PHP-2026-6104
BIT-PHP-MIN-2026-6104
CVE-2026-6104
OPENSUSE-SU-2026:10747-1
RHSA-2026:22649
USN-8336-1

Affected Products

Linuxmint
Php
Ubuntu