A vulnerability, which was classified as problematic, has been found in Composer up to 2.2.28/2.10.1. This issue affects the function AuthHelper/Url::sanitize/ProcessExecutor of the component URL Sanitizer. Performing a manipulation of the argument Username results in sensitive information in log files.

This vulnerability is reported as CVE-2026-59947. The attack requires a local approach. No exploit exists.