suse · CVE-2026-7263

Quick triage

Priority: high Published: 2026-05-11 23:20:07 UTC Updated: 2026-05-11 23:20:07 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-7263 severity important: SUSE including 149 source package names (apache2-mod_php7, php7, …), 1020 product×package rows across 16 product lines (SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS, SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS, … (16 product lines)): Known Not Affected 973, Fixed 47.

Description:

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.

cvelogic Threat Intelligence