EOLCanaryEOLCanary
Explore

PHP 8.x — End of Life

Active Critical risk
EOL: Dec 31, 2029in 1301d6 releases in this series36 CVEs

PHP 8.x — All releases

VersionReleasedActive supportEOL dateLatest patchStatus
8.5Nov 20, 2025Dec 31, 2027Dec 31, 20298.5.7Active
8.4Nov 21, 2024Dec 31, 2026Dec 31, 20288.4.22Active
8.3Nov 23, 2023Dec 31, 2025Dec 31, 20278.3.31Active
8.2Dec 8, 2022Dec 31, 2024Dec 31, 20268.2.31Active
8.1Nov 25, 2021Nov 25, 2023Dec 31, 20258.1.34EOL
8.0Nov 26, 2020Nov 26, 2022Nov 26, 20238.0.30EOL

CVEs affecting PHP 8.x (36)

CVESeverityCVSSEPSSKEVCycleDescriptionPublished
CVE-2025-14179CRITICAL9.80.07%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird …May 10, 2026
CVE-2025-14179CRITICAL9.80.07%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird …May 10, 2026
CVE-2026-7261CRITICAL9.80.10%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer i…May 10, 2026
CVE-2026-7261CRITICAL9.80.10%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer i…May 10, 2026
CVE-2025-14179CRITICAL9.80.07%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird …May 10, 2026
CVE-2026-6722CRITICAL9.80.37%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extensio…May 10, 2026
CVE-2026-6722CRITICAL9.80.37%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extensio…May 10, 2026
CVE-2026-6722CRITICAL9.80.37%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extensio…May 10, 2026
CVE-2026-6722CRITICAL9.80.37%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extensio…May 10, 2026
CVE-2026-7261CRITICAL9.80.10%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer i…May 10, 2026
CVE-2025-14179CRITICAL9.80.07%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird …May 10, 2026
CVE-2026-7261CRITICAL9.80.10%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer i…May 10, 2026
CVE-2026-6104CRITICAL9.10.03%8.5In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is pas…May 10, 2026
CVE-2026-6104CRITICAL9.10.03%8.4In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is pas…May 10, 2026
CVE-2026-7258HIGH7.50.03%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, i…May 10, 2026
CVE-2026-7258HIGH7.50.03%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, i…May 10, 2026
CVE-2026-7258HIGH7.50.03%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, i…May 10, 2026
CVE-2026-7258HIGH7.50.03%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, i…May 10, 2026
CVE-2026-7262HIGH7.50.12%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP serve…May 10, 2026
CVE-2026-7262HIGH7.50.12%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP serve…May 10, 2026
CVE-2026-7568HIGH7.50.09%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() f…May 10, 2026
CVE-2026-7568HIGH7.50.09%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() f…May 10, 2026
CVE-2026-7568HIGH7.50.09%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() f…May 10, 2026
CVE-2026-7568HIGH7.50.09%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() f…May 10, 2026
CVE-2026-7263HIGH7.50.05%8.4In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly,…May 10, 2026
CVE-2026-7263HIGH7.50.05%8.5In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly,…May 10, 2026
CVE-2026-7262HIGH7.50.12%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP serve…May 10, 2026
CVE-2026-7262HIGH7.50.12%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP serve…May 10, 2026
CVE-2026-7259MEDIUM6.50.08%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch betwee…May 10, 2026
CVE-2026-7259MEDIUM6.50.08%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch betwee…May 10, 2026
CVE-2026-7259MEDIUM6.50.08%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch betwee…May 10, 2026
CVE-2026-7259MEDIUM6.50.08%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch betwee…May 10, 2026
CVE-2026-6735MEDIUM6.10.08%8.5In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanit…May 10, 2026
CVE-2026-6735MEDIUM6.10.08%8.4In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanit…May 10, 2026
CVE-2026-6735MEDIUM6.10.08%8.3In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanit…May 10, 2026
CVE-2026-6735MEDIUM6.10.08%8.2In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanit…May 10, 2026

Frequently asked questions

Is PHP 8 end of life?

Partially. Some PHP 8.x releases have reached EOL. Check the version table above for the exact status of each sub-release.

What CVEs affect PHP 8?

There are 36 CVEs tracked for PHP 8.x, including 14 critical severity issues. See the full list above with CVSS and EPSS scores.

What is the latest PHP 8 version?

The latest PHP 8.x patch release is 8.5.7, released on June 4, 2026. Always run the latest patch to benefit from all security fixes.

When was PHP 8 first released?

PHP 8.0 was initially released on November 20, 2025. See the full version timeline in the table above.

Is it safe to run PHP 8 in production?

PHP 8 is still supported and safe for production use until December 31, 2029. Ensure you are running the latest patch version (8.5.7) to have all security fixes applied.

Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA