Security Advisories - PKSA-t5r2-p5q9-mtpn - Packagist.org

PKSA-t5r2-p5q9-mtpn Security Advisory

[HIGH] Command injection via malicious Perforce source reference/url

PKSA-t5r2-p5q9-mtpn CVE-2026-40261 GHSA-gqw4-4w2p-838q

Affected package: composer/composer

Affected version: >=2.3,<2.9.6|>=1.0,<2.2.27

Reported by:
FriendsOfPHP/security-advisories, GitHub