VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / phpoffice/phpspreadsheet

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-40902 high 7.5 7.5 29d ago PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions php
CVE-2026-40863 high 7.5 7.5 29d ago PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader php
CVE-2026-40296 medium 5.4 5.4 1mo ago PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer php
CVE-2026-35453 medium 5.4 5.4 1mo ago PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer php