Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

CVE-2026-40176

Composer fixes two high-severity flaws that could allow command execution

News, Vendors, Vulnerabilities

April 15, 2026

Composer has fixed two high-severity command injection flaws that could allow arbitrary command execution through malicious Perforce data. The issues affect multiple PHP package manager releases and were addressed in version 2.9.6 and 2.2.27.

About
Editorial Policy
Privacy
Contact