Bug 2468572 (CVE-2026-7263)
| Summary: | CVE-2026-7263 php: denial of service via DOMNode::C14N() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in PHP. The `DOMNode::C14N()` method may incorrectly process XML data due to the improper removal of an `xmlns` attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive resource consumption, eventually resulting in a denial of service in the processing application.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-05-10 06:01:22 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:22649 https://access.redhat.com/errata/RHSA-2026:22649 |