SUSE-SU-2026:1784-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2026/suse-su-20261784-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1784-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:1784-1

Upstream

CVE-2026-40176

CVE-2026-40261

Related

Published

2026-05-08T17:05:56Z

Modified

2026-05-12T18:24:26.613452776Z

Summary

Security update for php-composer2

Details

This update for php-composer2 fixes the following issues:

CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition (bsc#1262254).
CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url (bsc#1262255).

References

Affected packages