PHP Composer Affected by Two New Vulnerabilities Allowing Arbitrary Code Execution

PHP Composer is affected by two newly disclosed vulnerabilities, identified as CVE-2026-40176 and CVE-2026-40261, which allow attackers to execute arbitrary code on a target server. The flaws specifically enable remote command execution, posing a significant security risk to systems using the affected software. No specific versions, patch release dates, or exploitation details were provided in the report. The vulnerabilities were highlighted in a security notice published by IT-Connect. The exact scope of impacted systems or mitigation steps is not outlined in the available content.