EIP-2026-103628

PRE-CVE

PHP (Multiple Functions) - Local Denial of Service

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103628. PoCs published by Yakir Wizman.

AI-analyzed exploit summary This exploit demonstrates multiple local denial-of-service (DoS) vulnerabilities in various PHP functions by passing an excessively long string (9999 'A' characters) as an argument, causing crashes in PHP versions 4.4.6 and 5.0.3.

Description

PHP (Multiple Functions) - Local Denial of Service

Exploits (1)

exploitdb WORKING POC
by Yakir Wizman · phpdosmultiple
https://www.exploit-db.com/exploits/11717

This exploit demonstrates multiple local denial-of-service (DoS) vulnerabilities in various PHP functions by passing an excessively long string (9999 'A' characters) as an argument, causing crashes in PHP versions 4.4.6 and 5.0.3.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PHP 4.4.6, PHP 5.0.3, PHP 5.2.3
No auth needed
Prerequisites: Local access to a vulnerable PHP installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026