Post #8803

⚠️ ALERT - Composer disclosed two command injection flaws (CVE-2026-40176 and CVE-2026-40261) with up to CVSS 8.8 severity. Malicious composer.json or crafted source refs can execute arbitrary commands—even without Perforce installed. Affects multiple 2.x versions; patches released and metadata disabled as a precaution. 🔗 Read → https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html