diff --git a/NEWS b/NEWS index 73a2b3d6637c1..22762f98c2ca7 100644 --- a/NEWS +++ b/NEWS @@ -170,6 +170,8 @@ PHP NEWS argument value is passed. (Girgias) . linkinfo() now raises a ValueError when the argument is an empty string. (Weilin Du) + . getenv() and putenv() now raises a ValueError when the first argument + contains null bytes. (Weilin Du) - Streams: . Added so_keepalive, tcp_keepidle, tcp_keepintvl and tcp_keepcnt stream diff --git a/UPGRADING b/UPGRADING index 9c3d5a2b29a7d..869e265af8a23 100644 --- a/UPGRADING +++ b/UPGRADING @@ -88,6 +88,8 @@ PHP 8.6 UPGRADE NOTES argument value is passed. . array_change_key_case() now raises a ValueError when an invalid $case argument value is passed. + . getenv() and putenv() now raises a ValueError when the first argument + contains null bytes. . linkinfo() now raises a ValueError when the $path argument is empty. . pathinfo() now raises a ValueError when an invalid $flag argument value is passed. diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index ece7f1278f7e2..5c6b1ce1d1d19 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -696,7 +696,7 @@ PHP_FUNCTION(getenv) ZEND_PARSE_PARAMETERS_START(0, 2) Z_PARAM_OPTIONAL - Z_PARAM_STRING_OR_NULL(str, str_len) + Z_PARAM_PATH_OR_NULL(str, str_len) Z_PARAM_BOOL(local_only) ZEND_PARSE_PARAMETERS_END(); @@ -739,7 +739,7 @@ PHP_FUNCTION(putenv) #endif ZEND_PARSE_PARAMETERS_START(1, 1) - Z_PARAM_STRING(setting, setting_len) + Z_PARAM_PATH(setting, setting_len) ZEND_PARSE_PARAMETERS_END(); if (setting_len == 0 || setting[0] == '=') { diff --git a/ext/standard/tests/general_functions/putenv_and_getenv_reject_null_bytes.phpt b/ext/standard/tests/general_functions/putenv_and_getenv_reject_null_bytes.phpt new file mode 100644 index 0000000000000..28a3462373380 --- /dev/null +++ b/ext/standard/tests/general_functions/putenv_and_getenv_reject_null_bytes.phpt 
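Review bot: `Z_PARAM_PATH_OR_NULL` in getenv() and `Z_PARAM_PATH` in putenv() are path macros applied to arguments that are not filesystem paths, and nothing at either call site says the choice is deliberate. They are evidently used for their NUL-byte rejection (the new test expects "must not contain any null bytes"), presumably because the name and the assignment are later handed to C-string environment APIs where an embedded NUL would silently truncate them; that code is outside both hunks. I would add a one-line comment above each macro, e.g. `/* PATH variant is used only to reject embedded NUL bytes; the argument is not a filesystem path */`, so a later cleanup does not switch it back to `Z_PARAM_STRING`. Both function bodies start and end outside the hunks.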
@@ -0,0 +1,35 @@
+--TEST--
+getenv() and putenv() reject null bytes
+--FILE--
+getMessage() . "\n";
+ }
+}
+
+$var_name = 'PHP_PUTENV_NUL_TEST';
+
+foreach ([
+ $var_name . "\0SUFFIX=value",
+ $var_name . "=va\0lue",
+] as $assignment) {
+ try {
+ putenv($assignment);
+ } catch (ValueError $exception) {
+ echo $exception->getMessage() . "\n";
+ }
+}
+
+var_dump(getenv($var_name));
+
+?>
+--EXPECT--
+getenv(): Argument #1 ($name) must not contain any null bytes
+getenv(): Argument #1 ($name) must not contain any null bytes
+putenv(): Argument #1 ($assignment) must not contain any null bytes
+putenv(): Argument #1 ($assignment) must not contain any null bytes
+bool(false)
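Review bot: The closing `var_dump(getenv($var_name));` only shows that the variable is unset, which would also hold if putenv() stopped accepting anything at all, so the test has no positive control. A round trip with a clean value after the loop, `putenv($var_name . '=ok'); var_dump(getenv($var_name)); putenv($var_name);`, with `string(2) "ok"` added to --EXPECT--, would pin that valid assignments are still accepted. The getenv() cases at the top of --FILE-- are not readable in this view, so I cannot tell whether the `$local_only = true` call path is exercised; if it is not, one case for it would be worth adding.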