{"uuid": "b863a65f-b11f-4af7-8f23-676ebae4e229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2026-40261", "type": "seen", "source": "https://t.me/thehackernews/8803", "content": "\u26a0\ufe0f ALERT - Composer disclosed two command injection flaws (CVE-2026-40176 and CVE-2026-40261) with up to CVSS 8.8 severity.\n\nMalicious composer.json or crafted source refs can execute arbitrary commands\u2014even without Perforce installed. Affects multiple 2.x versions; patches released and metadata disabled as a precaution.\n\n\ud83d\udd17 Read \u2192 https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html", "creation_timestamp": "2026-04-14T16:04:53.000000Z"}