VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / phpoffice/phpspreadsheet

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-34084 critical 9.8 9.8 28d ago PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled php
CVE-2026-40296 medium 5.4 5.4 29d ago PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer php
CVE-2026-35453 medium 5.4 5.4 29d ago PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer php