PatchSiren cyber security CVE debrief
CVE-2026-45802 Setasign CVE debrief
CVE-2026-45802 is a denial of service (DoS) vulnerability in FPDI, a PHP library for reading pages from existing PDF documents. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. The vulnerability has been patched in version 2.6.7.
- Vendor
- Setasign
- Product
- FPDI
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Users of FPDI library prior to version 2.6.7 should upgrade to version 2.6.7 or later to prevent denial of service attacks.
Technical summary
The vulnerability exists in FPDI library prior to version 2.6.7. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade FPDI library to version 2.6.7 or later.
- Validate and sanitize user-uploaded PDF files.
Evidence notes
CVE-2026-45802 has a CVSS score of 6 and is classified as MEDIUM severity.
Official resources
CVE-2026-45802 was published on 2026-06-11T20:16:23.090Z and modified on 2026-06-11T20:51:35.917Z.