Impact
Tiptap for PHP versions before 2.1.1 contain an input validation flaw that allows an authenticated user to submit Tiptap JSON with the attrs.href field set to an array instead of a string. When the library attempts to validate the href, the improperly typed value is passed to preg_match() inside Link::isAllowedUri(), resulting in an unhandled TypeError that crashes the server‑side HTML rendering pipeline. The malicious record remains stored in the database and causes a permanent denial of service for all subsequent viewers until the database entry is manually repaired.
Affected Systems
Affected systems are PHP applications that rely on the Tiptap for PHP library distributed by ueberdosis. All releases prior to v2.1.1 are vulnerable. The library is commonly used to transform Tiptap JSON documents into HTML on the server side, so any deployment incorporating a compromised version can be impacted.
Risk and Exploitability
The CVSS score of 7.1 indicates a high‑severity vulnerability. Exploitation requires authenticated access to inject the malformed JSON; however, once the payload is stored, it causes a server crash that cannot be recovered until manual cleanup. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation, but the ease of crafting the payload combined with high impact makes it a significant risk for systems using pre‑2.1.1 Tiptap PHP installations.
OpenCVE Enrichment