CVE-2026-59946
EUVD-2026-4236008.07.2026, 20:16
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and world-executable mode during composer install, update, or require. This issue is fixed in versions 2.2.29 and 2.10.2.
Awaiting analysis
This vulnerability is currently awaiting analysis.
Vulnerability Media Exposure
References