Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-59946

MEDIUM NVD
CVSS Score 6.1
Severity MEDIUM
Published Jul 08, 2026
Vendor unknown

Description

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and world-executable mode during composer install, update, or require. This issue is fixed in versions 2.2.29 and 2.10.2.

References