PHP 8.1 - Non-thread safe

by PHP Groupv8.1.34

Last updated Jun 8, 2026

Install with winget

$ winget install --id PHP.PHP.NTS.8.1 --exact --version 8.1.34

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

Installers · v8.1.34

Architecture	Type	Scope	Install	Download
x86	ZIP archive	-		Direct
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

high7.5Patched in wingetCVE-2026-7263affects before 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite...
Vendor advisory
critical9.1Patched in wingetCVE-2026-6104affects before 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same l...
Vendor advisory
high7.5Patched in wingetCVE-2026-7568affects before 8.2.31, 8.3.31, 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 byt...
Vendor advisory
high7.5Patched in wingetCVE-2026-7262affects before 8.2.31, 8.3.31, 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferenc...
Vendor advisory
critical9.8Patched in wingetCVE-2026-7261affects before 8.2.31, 8.3.31, 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in...
Vendor advisory
medium6.5Patched in wingetCVE-2026-7259affects before 8.2.31, 8.3.31, 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is expl...
Vendor advisory
high7.5Patched in wingetCVE-2026-7258affects before 8.2.21, 8.3.31, 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions...
Vendor advisory
medium6.1Patched in wingetCVE-2026-6735affects before 8.2.31, 8.3.31, 8.4.21, 8.5.6May 10, 2026
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine whe...
Vendor advisory

Showing 8 of 25. Source: NVD, updated 5h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

PHP 8.4PHP Group
PHP.PHP.8.4v8.4.22
PHP 8.4
PHP 8.5 - Non-thread safePHP Group
PHP.PHP.NTS.8.5v8.5.7
PHP 8.5 - Non-thread safe
PHP 8.5PHP Group
PHP.PHP.8.5v8.5.7
PHP 8.5
PHP 8.1PHP Group
PHP.PHP.8.1v8.1.34
PHP 8.1
PHP 8.2 - Non-thread safePHP Group
PHP.PHP.NTS.8.2v8.2.31
PHP 8.2 - Non-thread safe
PHP 8.4 - Non-thread safePHP Group
PHP.PHP.NTS.8.4v8.4.22
PHP 8.4 - Non-thread safe

More from PHP Group or browse php, php81.

Frequently asked questions

How do I install PHP 8.1 - Non-thread safe on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id PHP.PHP.NTS.8.1 --exact --version 8.1.34. winget downloads the installer from PHP Group and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install PHP 8.1 - Non-thread safe silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id PHP.PHP.NTS.8.1 --exact 8.1.34 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall PHP 8.1 - Non-thread safe via winget?

Run: winget uninstall --id PHP.PHP.NTS.8.1 --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from PHP 8.1 - Non-thread safe's Apps & Features entry.

Is PHP 8.1 - Non-thread safe free?

PHP 8.1 - Non-thread safe is distributed under PHP License v3.01. Refer to the publisher (https://php.net) for the full license terms - Wingetly itself does not charge for installation.

Does PHP 8.1 - Non-thread safe work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls PHP 8.1 - Non-thread safe directly from the publisher.

How do I keep PHP 8.1 - Non-thread safe up to date?

Run winget upgrade --id PHP.PHP.NTS.8.1 --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of PHP 8.1 - Non-thread safe from microsoft/winget-pkgs.