PHP 8.5.7 `FILTER_SANITIZE_ENCODED` uninitialized read (opens in new tab)

Posted by Khashayar Fereidani on Jun 20# PHP 8.5.7 `FILTER_SANITIZE_ENCODED` uninitialized read **Author:** Khashayar Fereidani **Disclosure Date:** 2026-06-18 **Advisory:** ## Description In `ext/filter/sanitizing_filters.c`, the `php_filter_encode_url` function leaves the `255`th byte (`0xFF`) of a transient array uninitialized. An array of 256 bytes is populated...