[CLSA-2026:1778670534] php: Fix of CVE-2026-6735
Type:
security
Severity:
Moderate
Release date:
2026-05-13 11:08:58 UTC
Description:
- CVE-2026-6735: HTML-encode proc.request_uri and tighten query_string entity flags in sapi/fpm/fpm/fpm_status.c to fix XSS in PHP-FPM status endpoint
Updated packages:
  • php-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:1166ad811b11ac988e0fff00e9f13aa82e0145c19aaa5a56b714644f949ed731
  • php-bcmath-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:43f25ce64e1ecf689f994cdfd3e5f910bc083243e84c03138b638b0152ed07ab
  • php-cli-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:c11c86fc869f615344130d445123c1f75a542d1f38c70b179bffefd8bb3b6866
  • php-common-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:798b434a27d7adf3872696dd5292fc848ebafe1085c0fbcafda28a92b1e038cb
  • php-dba-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:271a54c79c1bcf5c3fb71563e52bfad24feba1e6764c902df4f31da5f7f886a2
  • php-dbg-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:4b6b354d20c935a8d864fa494db54b810800da2fa9f6a2a41788e4121dabbdd4
  • php-devel-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:5aa4d41cca467968f8b627c8f85f117ad3fd07eeca08b8f75b790b34952ca0e9
  • php-embedded-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:c71275ac89983971cbfe5e822f11150d573a7b2333a28d67a2f598468548e028
  • php-enchant-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:9c8d1932634157ecb3153d5593e18961d34b384e51068fab685a70dc837d6c73
  • php-ffi-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:780cfd68eb43e2fc86f84d3ecdbf4a86ac8ddcc0bd4735ef78a4675411fa2f6b
  • php-fpm-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:b340e8ea5c078b53304f7ae63adfb370dd28ff6feda1537f4ef4923238bf76bb
  • php-gd-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:d29af53f9b9fddd1ce0a32990c5316943b5d4fd0eb2a6365c6f77bd535465265
  • php-gmp-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:47f8f0dd11fa6a4c9dd8d3490610ba71e8d3bd96fa9c28c48701bae9b866921a
  • php-intl-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:fb3d5481bea749ba8192b5030307435fecca94afa6a4de4f85d4477a3b5a8e95
  • php-json-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:a7c68ece05a8be747bf17523eaea6a4ce40f3a5f1cb42dca030a0679bab20779
  • php-ldap-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:01d0b85c4460040bdf6de8b0b48680a5434a79878a626fc94002f33aa2c372ff
  • php-mbstring-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:96f88dc41001ce6a871c6a13e9588533fa84974aa40fefd199f57d1d6cd1a461
  • php-mysqlnd-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:f05b69da2a04cb88e81ac597b3c98e1d727c690daf02a84aeb843a1047a5e480
  • php-odbc-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:d08ce10c057cfe270446a8003d93ddadca6c6fa6850d5c258a97f27e539c05f6
  • php-opcache-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:0052e9417d0061b96b6a3b879165a8892900ecbd05e9ea9e4e01f709f51dc366
  • php-pdo-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:1e81edb3b2d833d5b837c67c68dd21bf2e5f338ae9ab45b3e54e427df083e7c3
  • php-pgsql-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:c5c89a2f44efacc5c3497dbab33e61770283b990bdf215993b8a3a620aace234
  • php-process-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:e1199305dd6dba150bc5a991f5cdc6080b2b10305c88aa2d433d40403cbe9bb2
  • php-snmp-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:090c8872fa3d2d69aeb16d0da9edb7f18e7be0d3107958e64efb4414abcb4a32
  • php-soap-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:cbeaad042798b02c6428a02ad616ee75abab928e38d3745fd0359f125f77f61e
  • php-xml-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:bf1df8f3351a73ccffd4edd804aa3dff384cb4060d6c86764fd29d0712a471f8
  • php-xmlrpc-7.4.6-4.module_el8.4.0+2403+9ef80c59.tuxcare.els27.x86_64.rpm
    sha:949171871aeaa9d1096d761142582b042492982f8b5c23bee154fb9f54f6fe61
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.