CVE-2026-45802
MediumCVSS 6.0Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out.
Risk Assessment
Repeated attacks can lead to sustained service unavailability, impacting the continuity of the organization's operations.
Recommendation
It is recommended to upgrade to version 2.6.7 or later to patch this vulnerability and prevent potential attacks.
Original NVD description (English source)
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7.

