Vulnerability intelligence
CVE-2026-40261
Official description is being retrieved from NVD — refresh shortly.
CVSS Score
—
Unrated
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
2 articles across 2 outlets · first covered Apr 14, 2026 · latest Apr 15, 2026
Coverage timeline
-
PHP Composer bugs enable RCE via Perforce VCS driversecurityaffairs.com · Apr 15, 2026
-
Composer Flaws Let Attackers Run Arbitrary Code via JSONthehackernews.com · Apr 14, 2026