CVE-2026-40902 | PHPOffice PhpSpreadsheet up to 5.6.x XLSX File readRowAttributes allocation of resources (GHSA-7c6m-4442-2x6m)

May 13, 2026 Yanac

A vulnerability categorized as problematic has been discovered in PHPOffice PhpSpreadsheet up to 1.30.3/2.1.15/2.4.4/3.10.4/5.6.x. Impacted is the function ColumnAndRowAttributes::readRowAttributes of the component XLSX File Handler. Such manipulation leads to allocation of resources.

This vulnerability is traded as CVE-2026-40902. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More