CVE-2026-7263

EUVD-2026-28981
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
phpphp
8.4.0 ≤
𝑥
< 8.4.21
phpphp
8.5.0 ≤
𝑥
< 8.5.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php7.4
bullseye
7.4.33-1+deb11u5
fixed
bullseye (security)
7.4.33-1+deb11u11
fixed
php8.2
bookworm
8.2.31-1~deb12u1
fixed
bookworm (security)
8.2.31-1~deb12u1
fixed
php8.4
forky
8.4.22-1
fixed
sid
8.4.22-1
fixed
trixie
vulnerable
trixie (security)
8.4.21-1~deb13u1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
php8.4
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-bcmath
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-bcmath-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-cli
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-cli-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-common
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-common-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-dba
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-dba-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-dbg
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-dbg-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-debugsource
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-devel
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-embedded
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-embedded-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-enchant
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-enchant-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-ffi
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-ffi-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-fpm
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-fpm-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-gd
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-gd-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-gmp
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-gmp-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-intl
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-intl-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-ldap
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-ldap-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-mbstring
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-mbstring-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-modphp
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-modphp-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-mysqlnd
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-mysqlnd-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-odbc
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-odbc-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-opcache
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-opcache-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-pdo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-pdo-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-pgsql
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-pgsql-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-process
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-process-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-snmp
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-snmp-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-soap
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-soap-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-sodium
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-sodium-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-tidy
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-tidy-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-xml
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-xml-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-zip
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.4-zip-debuginfo
Amazon Linux 2023
0:8.4.21-1.amzn2023.0.1
fixed
php8.5
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-bcmath
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-bcmath-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-cli
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-cli-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-common
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-common-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-dba
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-dba-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-dbg
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-dbg-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-debugsource
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-devel
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-embedded
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-embedded-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-enchant
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-enchant-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-ffi
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-ffi-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-fpm
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-fpm-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-gd
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-gd-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-gmp
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-gmp-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-intl
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-intl-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-ldap
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-ldap-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-mbstring
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-mbstring-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-modphp
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-modphp-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-mysqlnd
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-mysqlnd-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-odbc
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-odbc-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-pdo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-pdo-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-pgsql
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-pgsql-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-process
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-process-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-snmp
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-snmp-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-soap
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-soap-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-sodium
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-sodium-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-tidy
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-tidy-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-xml
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-xml-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-zip
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
php8.5-zip-debuginfo
Amazon Linux 2023
0:8.5.6-1.amzn2023.0.1
fixed
Common Weakness Enumeration
References
https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733