CVE-2026-47110: Improper Handling of Unexpected Data Type in ueberdosis tiptap-php
Tiptap for PHP versions before 2.1.1 has an input validation vulnerability where authenticated users can submit malformed JSON with the attrs.href field as an array instead of a string. This causes an unhandled TypeError in the Link::isAllowedUri() function during server-side HTML rendering, leading to a denial of service. The malformed JSON records persist in the database and cause the rendering pipeline to crash for all subsequent viewers until the database entry is manually fixed.
AI Analysis
Technical Summary
CVE-2026-47110 describes an input validation vulnerability in ueberdosis tiptap-php prior to version 2.1.1. Authenticated attackers can submit Tiptap JSON with the attrs.href field set to an array rather than a string. This triggers an unhandled TypeError in the Link::isAllowedUri() function when preg_match() is called with the unexpected data type. The result is a denial of service because the malformed JSON record causes the server-side HTML rendering pipeline to crash for all users viewing that record until manual database repair is performed.
Potential Impact
The vulnerability allows authenticated attackers to cause a denial of service by crashing the server-side HTML rendering pipeline. The malformed JSON records persist in the database, causing continuous crashes for all users accessing the affected content until manual intervention is performed. This impacts availability of the service for all viewers of the corrupted record.
Mitigation Recommendations
No official patch or fix is currently confirmed. Users should upgrade to version 2.1.1 or later once available, as the vulnerability affects versions prior to 2.1.1. Until a fix is released, manual repair of corrupted database entries is required to restore service. Monitor vendor advisories for official remediation guidance.
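To locate the stored records that need the manual repair described above, and to reject the same shape before it is saved, the following added example (not code from tiptap-php or from this advisory) walks decoded Tiptap JSON and reports every link mark whose attrs.href is neither a string nor null. The function name, the sample rows, and the choice to treat a null href as "no link target" are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Walk a decoded Tiptap document and return the path of every link mark
 * whose attrs.href has an unexpected type (e.g. an array instead of a string).
 * Assumption: a null href means "no target" and is not reported.
 */
function findBadLinkHrefs(mixed $node, string $path = '$'): array
{
    if (!is_array($node)) {
        return [];
    }
    $bad = [];
    $marks = $node['marks'] ?? [];
    foreach (is_array($marks) ? $marks : [] as $i => $mark) {
        if (!is_array($mark) || ($mark['type'] ?? null) !== 'link') {
            continue; // only link marks carry the href this advisory is about
        }
        $href = is_array($mark['attrs'] ?? null) ? ($mark['attrs']['href'] ?? null) : null;
        if ($href !== null && !is_string($href)) {
            $bad[] = sprintf('%s.marks[%s].attrs.href is %s', $path, $i, get_debug_type($href));
        }
    }
    // Recurse into child nodes; marks normally sit on text nodes deep in the tree.
    $children = $node['content'] ?? [];
    foreach (is_array($children) ? $children : [] as $i => $child) {
        $bad = array_merge($bad, findBadLinkHrefs($child, sprintf('%s.content[%s]', $path, $i)));
    }
    return $bad;
}

// Constructed sample rows (id => stored JSON); real input would come from your own table.
$rows = [
    1 => '{"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"ok",'
       . '"marks":[{"type":"link","attrs":{"href":"https://example.com"}}]}]}]}',
    2 => '{"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":"bad",'
       . '"marks":[{"type":"link","attrs":{"href":["https://example.com"]}}]}]}]}',
];

foreach ($rows as $id => $json) {
    $doc = json_decode($json, true);
    $bad = $doc === null ? ['invalid JSON'] : findBadLinkHrefs($doc);
    printf("record %d: %s\n", $id, $bad ? implode('; ', $bad) : 'ok');
}
```

The same function can run in the save path: a non-empty result is a reason to reject the submission before it reaches the database.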
CVSS v4.0
Score: 7.1 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-05-18T19:22:26.748Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3c501d4853345fc1e45bb8
Added to database: 06/24/2026, 21:46:05 UTC
Last enriched: 06/24/2026, 22:03:18 UTC
Last updated: 06/25/2026, 03:23:10 UTC