CVE-2026-40863

CVE-2026-40863 affects PhpSpreadsheet’s SpreadsheetML XML reader. An attacker can craft an XML with an oversized ss:Index (e.g., 999999999) on a , inflating the internal cachedHighestRow to ~1 billion and causing CPU exhaustion during row iteration. This leads to denial of service when processing...

CVE-2026-40863

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

CVE-2026-40863 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

CVE-2026-40863 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

CVE-2026-40902

CVE-2026-40902 affects PhpSpreadsheet’s XLSX reader. The vulnerability arises when ColumnAndRowAttributes::readRowAttributes() reads the row index (r attribute) from XML without validating against the maximum row limit (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a tiny XLSX file co...

CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

CVE-2026-40902 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

CVE-2026-40902 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

PhpSpreadsheet 安全漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the XLSX reader’s...

PhpSpreadsheet 安全漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the SpreadsheetML XML reader not verifying whether the...

CVE-2026-40296

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

EUVD-2026-28221

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

CVE-2026-40296

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

PhpSpreadsheet 跨站脚本漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Versions prior to PhpSpreadsheet 5.7.0, 3.10.5, 2.4.5, 2.1.16, and 1.30.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML writers skipping...

CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

CVE-2026-34084

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...