diff --git a/Zend/tests/gh18845.phpt b/Zend/tests/gh18845.phpt
new file mode 100644
index 000000000000..1a6ca6913fda
--- /dev/null
+++ b/Zend/tests/gh18845.phpt
@@ -0,0 +1,18 @@
+--TEST--
+GH-18845: Use-after-free of object through __isset() and globals
+--FILE--
+<?php
+
+class C {
+    public function __isset($x) {
+        $GLOBALS['c'] = null;
+        return true;
+    }
+}
+
+$c = new C;
+var_dump($c->prop ?? 1);
+
+?>
+--EXPECT--
+int(1)
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index 7b804e7afe95..9421867c8fb4 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -905,7 +905,13 @@ ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int
 			if (zobj->ce->__get && !((*guard) & IN_GET)) {
 				goto call_getter;
 			}
+
+			bool obj_is_freed = GC_REFCOUNT(zobj) == 1;
 			OBJ_RELEASE(zobj);
+			if (UNEXPECTED(obj_is_freed)) {
+				retval = &EG(uninitialized_zval);
+				goto exit;
+			}
 		} else if (zobj->ce->__get && !((*guard) & IN_GET)) {
 			goto call_getter_addref;
 		}