UBUNTU-CVE-2026-7263
- Source
- https://ubuntu.com/security/CVE-2026-7263
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7263.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-7263
- Upstream
- Downstream
- Related
- Published
- 2026-05-10T06:16:00Z
- Modified
- 2026-05-28T15:46:29.779803350Z
- Severity
-
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/RE:M/U:Amber CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.
- References
Affected packages
Ubuntu:26.04:LTS / php8.5
Package
- Name
- php8.5
- Purl
- pkg:deb/ubuntu/php8.5?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.4-0ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libapache2-mod-php8.5",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "libphp8.5-embed",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-bcmath",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-bz2",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-cgi",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-cli",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-common",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-curl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-dba",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-enchant",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-fpm",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-gd",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-gmp",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-interbase",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-intl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-ldap",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-litespeed",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-mbstring",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-mysql",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-odbc",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-pgsql",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-phpdbg",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-readline",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-snmp",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-soap",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-sqlite3",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-sybase",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-tidy",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-xml",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-xsl",
"binary_version": "8.5.4-0ubuntu1.1"
},
{
"binary_name": "php8.5-zip",
"binary_version": "8.5.4-0ubuntu1.1"
}
]
}