PHP SOAP Typemap Null Deref Crash (8.2-8.5 pre 8.2.31/8.3.31/8.4.21/8.5.6)
CVE-2026-7262 Published on May 10, 2026
NULL pointer dereference in SOAP apache:Map decoder with missing <value>
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer, causing a segmentation fault. This allows a remote unauthenticated attacker to crash the PHP SOAP server process, resulting in denial of service.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2026-7262
stack.watch emails you whenever new vulnerabilities are published in PHP or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
PHP Group PHP:- Version 8.2.* and below 8.2.31 is affected.
- Version 8.3.* and below 8.3.31 is affected.
- Version 8.4.* and below 8.4.21 is affected.
- Version 8.5.* and below 8.5.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.