PHP is a general-purpose scripting language that is especially suited for web development.

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Fedora is a popular open-source, Linux-based operating system.

Linux Fedora

Echo is a secure, minimal Linux OS built vulnerability-free. It is fully compatible across environments and continuously patched - making it a clean, dependable base layer for modern applications. Echo is used by organizations focused on security and reliability, including those with compliance or FIPS requirements.

Echo

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-40261	HIGH	8.8	PHP	composer	No	Yes	Apr 15, 2026
CVE-2026-40176	HIGH	7.8	PHP	composer	No	Yes	Apr 15, 2026
GHSA-xp4f-g2cm-rhg7	MEDIUM	6.9	PHP	pocketmine/pocketmine-mp	No	Yes	Apr 15, 2026
CVE-2026-40479	MEDIUM	5.4	PHP	kimai/kimai	No	Yes	Apr 15, 2026
CVE-2026-40486	MEDIUM	4.3	PHP	kimai/kimai	No	Yes	Apr 15, 2026

CVE-2026-35545:
PHP vulnerability analysis and mitigation

8.2

Related PHP vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-35545: PHP vulnerability analysis and mitigation