CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability: if attrs.href is submitted as an array in Tiptap JSON, Link::isAllowedUri() can trigger an unhandled TypeError during preg_match(), crashing the server-side HTML rendering pipeline for all subsequent viewers of that r...