Is there a patch available for EUVD-2026-28970?

Yes, a patch is available for EUVD-2026-28970. Update the affected software to the latest version immediately.

PHP EUVD-2026-28970

Q: What is the CVSS score of EUVD-2026-28970?

EUVD-2026-28970 has a CVSS 4.0 base score of 6.3 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:M/U:Amber. EPSS exploitation probability: 0.0%.

| CVE-2026-7261 MEDIUM

Use After Free (CWE-416)

2026-05-07

PHP Information Disclosure Use After Free Memory Corruption Microsoft Suse

6.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:M/U:Amber

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 10, 2026 - 05:24 vuln.today

Analysis Generated

May 10, 2026 - 05:24 vuln.today

CVSS changed

May 10, 2026 - 05:22 NVD

6.3 (MEDIUM)

CVE Published

May 07, 2026 - 17:18 nvd

UNKNOWN (no severity yet)

CVE Published

May 07, 2026 - 17:18 nvd

MEDIUM 6.3

Description PRE-NVD

Disclosed via GitHub release of php/php-src. NVD scoring and full description are pending.

AnalysisAI

Use-after-free memory corruption in PHP 8.2 prior to version 8.2.31 allows remote attackers to cause information disclosure or denial of service via network requests with low attack complexity. The vulnerability is addressed in PHP 8.2.31, released as a security update bundling fixes for eight CVEs including CVE-2026-7261. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory