diff --git a/NEWS b/NEWS
index 5eb1694b5e816..ed4de1605466c 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? ????, PHP 8.3.23
 
 - Core:
+  . Fixed GH-18833 (use after free during destruction).
+    (Daniil Gentili)
   . Fixed GH-18695 (zend_ast_export() - float number is not preserved).
     (Oleg Efimov)
 
diff --git a/Zend/tests/gh18833.phpt b/Zend/tests/gh18833.phpt
new file mode 100644
index 0000000000000..1c42ccdb596bc
--- /dev/null
+++ b/Zend/tests/gh18833.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #18833 (Use after free with weakmaps dependent on destruction order)
+--FILE--
+<?php
+
+class a {
+    public static WeakMap $map;
+    public static Generator $storage;
+}
+
+a::$map = new WeakMap;
+
+$closure = function () {
+    $obj = new a;
+    a::$map[$obj] = true;
+    yield $obj;
+};
+a::$storage = $closure();
+a::$storage->current();
+
+echo "ok\n";
+?>
+--EXPECT--
+ok
diff --git a/Zend/zend_objects_API.c b/Zend/zend_objects_API.c
index 80f5b747db710..0844453357773 100644
--- a/Zend/zend_objects_API.c
+++ b/Zend/zend_objects_API.c
@@ -104,7 +104,9 @@ ZEND_API void ZEND_FASTCALL zend_objects_store_free_object_storage(zend_objects_
 			if (IS_OBJ_VALID(obj)) {
 				if (!(OBJ_FLAGS(obj) & IS_OBJ_FREE_CALLED)) {
 					GC_ADD_FLAGS(obj, IS_OBJ_FREE_CALLED);
-					if (obj->handlers->free_obj != zend_object_std_dtor) {
+					if (obj->handlers->free_obj != zend_object_std_dtor
+						|| (OBJ_FLAGS(obj) & IS_OBJ_WEAKLY_REFERENCED)
+					) {
 						GC_ADDREF(obj);
 						obj->handlers->free_obj(obj);
 					}