CVE-2026-7263
Published 2026-05-10
Priority P3 · 41 · high · CVSS 3.1: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.35% (27.2th percentile)
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, the DOMNode::C14N() method may process XML data incorrectly, creating a circular linked list in the data structure that represents the XML document. Subsequent processing of the document may then enter an infinite loop, causing a denial of service in the processing application.
Affected (13 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php8.4 | — | — |
| php | php | — | — |
| php | php | >= 8.4.0 < 8.4.21 | 8.4.21 |
| php | php | >= 8.5.0 < 8.5.6 | 8.5.6 |
| php_7.4 | php | — | — |
| php_8.2 | php | — | — |
| php_8.3 | php | — | — |
| php_group | php | >= 8.4.* < 8.4.21 | 8.4.21 |
| php_group | php | >= 8.5.* < 8.5.6 | 8.5.6 |
| ubuntu | php8.1 | — | — |
| ubuntu | php8.3 | — | — |
| ubuntu | php8.4 | — | — |
| ubuntu | php8.5 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 4.0 | 6.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Amber |
| vendor_ubuntu | — | 7.4 | HIGH | — |
| vendor_redhat | — | 6.3 | MEDIUM | — |
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2026-05-28·CVSS 7.4
CVE-2026-7259 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. (CVE-2025-14179)
It was discovered that PHP incorrectly handled certain encoding names in mbstring. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6104)
It was discovered that PHP incorrectly handled object references while parsing crafted SOAP requests. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-6722)
It was discovered that PH
Red Hat
php: denial of service via DOMNode::C14N()
vendor_redhat·2026-05-10·CVSS 6.3
CVE-2026-7263 [MEDIUM] CWE-835 php: denial of service via DOMNode::C14N()
A flaw was found in PHP. The `DOMNode::C14N()` method may incorrectly process XML data due to the improper removal of an `xmlns` attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive resource consumption, eventually resulting in a denial of service in the processing application.
Statement: To exploit this issue, an attacker needs to be able to supply specially crafted XML data to be processed by the `DOMNode::C14N()` method. This can trigger an infinite loop, causing excessive resource consumption, eventually resulting in a denial of service in the program processing the data. As this flaw allows an unauthenticated and remote a
VulDB
PHP up to 8.4.20/8.5.5 DOMNode::C14N denial of service (GHSA-4jhr-8w89-j733 / WID-SEC-2026-1433)
vuldb·2026-05-10·CVSS 6.3
CVE-2026-7263 [MEDIUM] PHP up to 8.4.20/8.5.5 DOMNode::C14N denial of service (GHSA-4jhr-8w89-j733 / WID-SEC-2026-1433)
A vulnerability identified as problematic has been detected in PHP up to 8.4.20/8.5.5. Affected by this vulnerability is the function DOMNode::C14N. The manipulation leads to denial of service.
This vulnerability is listed as CVE-2026-7263. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.