Deserialization in Phpoffice Phpspreadsheet
CVE-2026-45034
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parse_url($filename, PHP_URL_SCHEME) and then checks is_stri…
Vulnerability class: Insecure Deserialization
Affected products
- Phpoffice Phpspreadsheet — versions < 1.30.5
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)