[HIGH] Command injection via malicious Perforce repository definition

PKSA-6bp1-9hfj-2cgv CVE-2026-40176 GHSA-wg36-wvj6-r67p

Affected version: >=2.3,<2.9.6|>=1.0,<2.2.27

Reported by:
FriendsOfPHP/security-advisories, GitHub

[HIGH] Command injection via malicious Perforce source reference/url

PKSA-t5r2-p5q9-mtpn CVE-2026-40261 GHSA-gqw4-4w2p-838q

Affected version: >=2.3,<2.9.6|>=1.0,<2.2.27

Reported by:
FriendsOfPHP/security-advisories, GitHub