Is there a patch available for CVE-2026-45802?

Yes, a patch is available for CVE-2026-45802. Update the affected software to the latest version immediately.

Setasign FPDI CVE-2026-45802

MEDIUM

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-05-19 https://github.com/Setasign/FPDI

GHSA-2mgw-7q6p-8grg

Denial Of Service

Lifecycle Timeline

Source Code Evidence Fetched

May 19, 2026 - 20:17 vuln.today

Analysis Generated

May 19, 2026 - 20:17 vuln.today

DescriptionNVD

Impact

This is a significant Denial of Service (DoS) vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability.

Patches

Fixed as of version 2.6.7

Workarounds

No.

References

No.

AnalysisAI

Memory exhaustion and endless loop in Setasign FPDI (composer package setasign/fpdi) allow remote attackers to crash PHP server-side scripts by uploading a small, specially crafted PDF file. All versions prior to 2.6.7 are affected, and any web application that exposes FPDI-based PDF processing to user-supplied input is vulnerable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45802 vulnerability details – vuln.today

Back