High severity7.5NVD Advisory· Published May 10, 2026· Updated May 12, 2026
CVE-2026-7263
CVE-2026-7263
Description
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords4 versionspkg:bitnami/libphppkg:bitnami/phppkg:bitnami/php-minpkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed
>= 8.4.0, < 8.4.21+ 3 more
- (no CPE)range: >= 8.4.0, < 8.4.21
- (no CPE)range: >= 8.4.0, < 8.4.21
- (no CPE)range: >= 8.4.0, < 8.4.21
- (no CPE)range: < 8.5.6-1.1
Patches
Vulnerability mechanics
References
1- github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733nvdVendor Advisory
News mentions
0No linked articles in our index yet.