CVE-2026-40863 | PHPOffice PhpSpreadsheet up to 5.6.x XML File getRowIterator allocation of resources (GHSA-84wq-86v6-x5j6)

May 13, 2026 Yanac

A vulnerability labeled as problematic has been found in PHPOffice PhpSpreadsheet up to 1.30.3/2.1.15/2.4.4/3.10.4/5.6.x. The impacted element is the function getRowIterator of the component XML File Handler. Executing a manipulation can lead to allocation of resources.

This vulnerability is handled as CVE-2026-40863. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More