CVE-2026-45802

UNKNOWN 0.0

FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7.

CWE	CWE-770 CWE-400
Vendor	setasign
Product	fpdi
Published	Jun 11, 2026

Stay Ahead of the Next One

Get instant alerts for setasign fpdi

Be the first to know when new unknown vulnerabilities affecting setasign fpdi are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Setasign / FPDI

< 2.6.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Setasign/FPDI/security/advisories/GHSA-2mgw-7q6p-8grg github.com: https://github.com/Setasign/FPDI/commit/1695cfcc7e01fe844a7296b3de90855a3fa65be6 github.com: https://github.com/Setasign/FPDI/releases/tag/v2.6.7