securityonline.info 7/6/2026, 4:22:47 AM · external

PHP Flaw CVE-2026-12184 Lets Attackers Crash Servers via TLS

PHP Flaw CVE-2026-12184 Lets Attackers Crash Servers via TLS
CyberSIXT Evidence Panel
Primary Source github.com
CISA KEV Not in KEV
Patch Patch Status Unknown

THE article discusses two significant vulnerabilities in PHP: CVE-2026-12184 and CVE-2026-14355. CVE-2026-12184, with a CVSS score of 8.2, is a remote DoS flaw that can crash PHP-FPM on TLS handshake failures. CVE-2026-14355, a lower severity issue (CVSS 4.8), leads to memory corruption in OpenSSL during specific operations. Both vulnerabilities have patches available, with recommended updates being PHP versions 8.2.32, 8.3.32, 8.4.23, and 8.5.8. No confirmed exploitation has yet been reported.

View Primary Source Via securityonline.info

Article by CyberSIXT