CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...

GHSA-84WQ-86V6-X5J6 PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...