[HIGH] PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions

PKSA-gz3f-3cz3-3wsw CVE-2026-40902 GHSA-7c6m-4442-2x6m

Affected package: phpoffice/phpspreadsheet

Affected version: <=1.30.3|>=2.0.0,<=2.1.15|>=2.2.0,<=2.4.4|>=3.3.0,<=3.10.4|>=4.0.0,<=5.6.0

Reported by:
GitHub