Critical PHP SOAP Extension Vulnerabilities Enable Remote Code Execution

PHP released emergency updates to fix five vulnerabilities, including two critical use-after-free flaws (CVE-2026-6722 and CVE-2026-7261) that allow unauthenticated remote code execution via the SOAP extension.