CVE-2026-40863— PhpSpreadsheet 安全漏洞

PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader (Reader\Xml) does not validate the ss:Index row attribute against the maximum allowed row count (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a <Row> element, which inflates the internal cachedHighestRow to ~1 billion. Any subsequent call to getRowIterator() without an explicit end row will attempt to iterate ~1 billion rows, causing CPU exhaustion and denial of service. This vulnerability is fixed in 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

不加限制或调节的资源分配

PhpSpreadsheet 安全漏洞

PhpSpreadsheet是PHPOffice开源的一款用于读取和写入电子表格文件的PHP库。 PhpSpreadsheet 1.30.4之前版本、2.1.16之前版本、2.4.5之前版本、3.10.5之前版本和5.7.0之前版本存在安全漏洞，该漏洞源于SpreadsheetML XML读取器未验证ss:Index行属性是否超过最大行数，可能导致攻击者制作恶意文件导致CPU耗尽和拒绝服务。

N/A

N/A