CVE-2026-59948: PHP Composer Flaw Lets Packages Execute Code Outside the Project Context Vulnerability Report CVE-2026-59948: PHP Composer Flaw Lets Packages Execute Code Outside the Project Context Do Son July 14, 2026 0 TL;DR PHP Composer, the main dependency manager for the language, patched three security flaws. The most serious,... Read More Read more about CVE-2026-59948: PHP Composer Flaw Lets Packages Execute Code Outside the Project Context