DoS attack via DOMNode::C14N()_CVE-2026-7263

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber

Description

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.

Basic Information

ID CVE-2026-7263

Source php

Published May 10, 2026 at 04:43

Modified May 10, 2026 at 04:46

Affected Product

Vendor PHP Group

Product PHP

Version 8.4.*

Affected Versions PHP Group PHP 8.4.*
PHP Group PHP 8.5.*

CWE Classification

CWE-404 CWE-835

References

github.com /php/php-src/security/advisories/GHSA-4jhr-8w89-j733

{
    "lastseen": "",
    "description": "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N()\u00a0method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.",
    "published": "2026-05-10T04:43:04.483Z",
    "modified": "2026-05-10T04:46:28.150Z",
    "type": "cve",
    "title": "DoS attack via DOMNode::C14N()",
    "source": "php",
    "references": "https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733",
    "id": "CVE-2026-7263",
    "bulletinFamily": "",
    "cwe": [
        "CWE-404",
        "CWE-835"
    ],
    "cvelist": null,
    "sourceData": "PHP Group PHP 8.4.*\nPHP Group PHP 8.5.*",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PHP",
    "version": "8.4.*",
    "vendor": "PHP Group",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}