PHP SOAP Use-After-Free RCE Vulnerability - 20260511001¶
Overview¶
A critical vulnerability has been identified in the PHP SOAP extension, involving a use-after-free condition that may allow an attacker to achieve remote code execution.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| PHP (ext-soap) | < 8.2.31 < 8.3.31 < 8.4.21 < 8.5.6 |
CVE-2026-6722 | 9.5 | Critical |
What has been observed?¶
The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.