High severity7.5NVD Advisory· Published May 10, 2026· Updated May 12, 2026

CVE-2026-7263

Description

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: >=8.4.0,<8.4.21

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000