Two serious security vulnerabilities have been discovered in Composer, a widely used dependency manager for PHP. These flaws could allow attackers to execute arbitrary commands on systems running affected versions.
The issues impact Composer’s handling of Perforce version control repositories. Both vulnerabilities are related to improper input validation, which opens the door for command injection attacks.
The first flaw, tracked as CVE-2026-40176, has a CVSS score of 7.8. It allows attackers to inject malicious commands through a specially crafted composer.json file. If a project is configured to use a Perforce repository, an attacker could manipulate the configuration and execute commands on the system of the user running Composer.
The second vulnerability, CVE-2026-40261, is even more severe with a CVSS score of 8.8. This flaw is caused by improper escaping of input. Attackers can exploit it by embedding shell metacharacters in a crafted source reference, again leading to command execution.
One important detail is that both vulnerabilities can be exploited even if Perforce is not installed on the system. Composer would still process the malicious input and execute the injected commands.
The vulnerabilities affect multiple versions of Composer. Systems running versions starting from 2.3 up to but not including 2.9.6 are impacted. Similarly, versions from 2.0 up to but not including 2.2.27 are also vulnerable. These issues have now been fixed in versions 2.9.6 and 2.2.27.
Developers who cannot update immediately are advised to take extra precautions. They should carefully review composer.json files before running Composer, especially when working with external or unknown projects. It is also recommended to rely only on trusted repositories and to avoid installing dependencies using the “--prefer-dist” option or the “preferred-install: dist” setting.
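The two checks the preceding paragraphs call for, the version-range test and a review of composer.json (and composer.lock) for Perforce entries, can be scripted. The following is an added example written for this page; it is not code from Composer or from the article. It assumes the standard Composer file layout: a "repositories" entry in composer.json given either as a list or as a name-keyed object, with Perforce repositories declared as "type": "perforce", and lock-file packages carrying a "source" object with "type", "url" and "reference". The allowed-character pattern used to flag suspicious source references is a heuristic assumption, not something the advisory defines; the sample composer.json and composer.lock contents are constructed for the demonstration.

```python
import json
import re
from typing import Dict, Iterable, List

# Affected ranges exactly as stated in the article: [2.0, 2.2.27) and [2.3, 2.9.6).
VULNERABLE_RANGES = [
    ((2, 0, 0), (2, 2, 27)),
    ((2, 3, 0), (2, 9, 6)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version: str) -> tuple:
    """Turn '2.9.5' (or 'v2.9.5-RC1') into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Composer version: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(version: str) -> bool:
    """True when the installed Composer falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in VULNERABLE_RANGES)


def _iter_repositories(composer: dict) -> Iterable[dict]:
    # Composer accepts "repositories" as a list or as an object keyed by name.
    repos = composer.get("repositories", [])
    if isinstance(repos, dict):
        repos = repos.values()
    for repo in repos:
        if isinstance(repo, dict):
            yield repo


def find_perforce_repositories(composer_json_text: str) -> List[Dict]:
    """Return every repository block in composer.json declared with type 'perforce'.
    No check for an installed p4 binary is made: the article notes the flaws
    trigger even when Perforce is absent, so its presence is irrelevant here."""
    composer = json.loads(composer_json_text)
    return [r for r in _iter_repositories(composer)
            if str(r.get("type", "")).lower() == "perforce"]


# Heuristic (an assumption for this example): a Perforce reference such as "@1234"
# or "//depot/path" needs only these characters; anything else deserves a look.
_SAFE_REFERENCE_RE = re.compile(r"^[A-Za-z0-9._/@#\-]+$")


def find_perforce_sources(composer_lock_text: str) -> List[Dict]:
    """List lock-file packages whose source is Perforce, flagging odd references."""
    lock = json.loads(composer_lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            src = pkg.get("source") or {}
            if str(src.get("type", "")).lower() != "perforce":
                continue
            ref = str(src.get("reference", ""))
            findings.append({
                "package": pkg.get("name", "?"),
                "url": src.get("url", ""),
                "reference": ref,
                "reference_looks_safe": bool(_SAFE_REFERENCE_RE.match(ref)),
            })
    return findings


def audit(composer_version: str, composer_json_text: str, composer_lock_text: str) -> Dict:
    """Combine the three checks into one report for a project checkout."""
    return {
        "composer_vulnerable": is_vulnerable_version(composer_version),
        "perforce_repositories": find_perforce_repositories(composer_json_text),
        "perforce_sources": find_perforce_sources(composer_lock_text),
    }


# Constructed sample files (not real projects) used to exercise the checks.
SAMPLE_COMPOSER_JSON = json.dumps({
    "name": "example/app",
    "require": {"example/p4-lib": "dev-main"},
    "repositories": [
        {"type": "composer", "url": "https://repo.example.invalid"},
        {"type": "perforce", "url": "perforce.example.invalid:1666"},
    ],
})

SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "example/git-lib", "version": "1.0.0",
         "source": {"type": "git", "url": "https://git.example.invalid/lib.git",
                    "reference": "0123abcd"}},
        {"name": "example/p4-lib", "version": "dev-main",
         "source": {"type": "perforce", "url": "perforce.example.invalid:1666",
                    "reference": "@1234"}},
    ],
    "packages-dev": [
        {"name": "example/p4-tool", "version": "dev-main",
         "source": {"type": "perforce", "url": "perforce.example.invalid:1666",
                    "reference": "@1234; <constructed metacharacter sample>"}},
    ],
})

if __name__ == "__main__":
    print(json.dumps(audit("2.9.5", SAMPLE_COMPOSER_JSON, SAMPLE_COMPOSER_LOCK), indent=2))
```

In practice the version string comes from `composer --version` and the two JSON texts from the project checkout being reviewed; a non-empty "perforce_repositories" or "perforce_sources" list on an affected Composer version is the signal to stop and update before running any install or update command.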
The Composer team has checked Packagist and confirmed that there is no evidence of these vulnerabilities being actively exploited so far. As an additional safety measure, publishing Perforce-related metadata has been disabled on Packagist since April 10, 2026.