diff --git a/NEWS b/NEWS
index 118a8e52103..d445c491210 100644
--- a/NEWS
+++ b/NEWS
@@ -53,6 +53,7 @@ PHP                                                                        NEWS
 
 - Standard:
   . Fix error check for proc_open() command. (ndossche)
+  . Fix memory leak in mail() when header key is numeric. (Girgias)
 
 - URI:
   . Fixed bug GH-20771 (Assertion failure when getUnicodeHost() returns
diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 8c8b4e6717e..b631d12e4c7 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -218,7 +218,8 @@ PHPAPI zend_string *php_mail_build_headers(HashTable *headers)
 	ZEND_HASH_FOREACH_KEY_VAL(headers, idx, key, val) {
 		if (!key) {
 			zend_type_error("Header name cannot be numeric, " ZEND_LONG_FMT " given", idx);
-			break;
+			smart_str_free(&s);
+			return NULL;
 		}
 		ZVAL_DEREF(val);
 		/* https://tools.ietf.org/html/rfc2822#section-3.6 */
diff --git a/ext/standard/tests/mail/gh20776.phpt b/ext/standard/tests/mail/gh20776.phpt
new file mode 100644
index 00000000000..aec68c47192
--- /dev/null
+++ b/ext/standard/tests/mail/gh20776.phpt
@@ -0,0 +1,15 @@
+--TEST--
+GH-20776: mail() memory leak when header array contains numeric keys
+--FILE--
+<?php
+$to = "user@example.com";
+$subject = $message = "";
+
+try {
+    var_dump(mail($to, $subject, $message, ['RandomHeader' => 'Value', 5 => 'invalid key']));
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+TypeError: Header name cannot be numeric, 5 given