Skip to content

CVE lookup

CVE-2026-34084

Pruva has a verified reproduction for CVE-2026-34084: PhpSpreadsheet: SSRF via unsafe stream wrapper in IOFactory::load(). The canonical evidence record is REPRO-2026-00150.

REPRO

REPRO-2026-00150

Package

phpoffice/phpspreadsheet · composer

Severity

CRITICAL

Status

published