Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-10T04:13:26 php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-476

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to  a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-controlled input can influence the encoding passed to mb_regex_encoding().

A flaw was found in PHP. When an attacker input can influence the encoding passed to `mb_regex_encoding()` and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in the PHP process, resulting in a denial of service.

To exploit this issue, an attacker needs to be able to influence the encoding passed to `mb_regex_encoding()` in a way that triggers a mismatch between the Oniguruma and mbfl encoding support. Also, the application must use the mbregex search APIs, allowing the attacker to cause a NULL pointer dereference. Due to these reasons, this flaw has been rated with a moderate severity. To mitigate this vulnerability, implement an encoding validation mechanism to reject the specific encodings and aliases that cause the mismatch between Oniguruma and mbfl. The following encodings and aliases are known to trigger this issue: iso-8859-11 and ISO8859-11, UJIS (EUC-JP alias), GB-2312 (EUC-CN alias), KOI-8R (KOI8 alias), and US_ASCII or ISO646 (ASCII aliases). Red Hat Enterprise Linux 10 2026-06-04T00:00:00Z RHSA-2026:23388 php-0:8.3.31-1.el10_2 Red Hat Enterprise Linux 10 Fix deferred php8.4 Red Hat Enterprise Linux 6 Not affected php Red Hat Enterprise Linux 7 Not affected php Red Hat Enterprise Linux 8 Not affected php:7.4/php Red Hat Enterprise Linux 8 Fix deferred php:8.2/php Red Hat Enterprise Linux 9 Not affected php Red Hat Enterprise Linux 9 Fix deferred php:8.2/php Red Hat Enterprise Linux 9 Fix deferred php:8.3/php Red Hat Hardened Images Not affected php https://www.cve.org/CVERecord?id=CVE-2026-7259 https://nvd.nist.gov/vuln/detail/CVE-2026-7259 https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75