PT-2026-23859 · Xlnt · Xlnt

Oneafter · Published 2026-03-07 · Updated 2026-03-10 · CVE-2026-3663

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

xlnt versions up to 1.6.1

Description

A flaw exists within the xlnt library, specifically in the XLSX File Parser component. This issue resides in the xlnt::detail::compound_document_istreambuf::xsgetn function within the source/detail/cryptography/compound_document.cpp file. A manipulation of the file can lead to an out-of-bounds read, and the exploit has been publicly disclosed. The issue is only exploitable with local access.

Recommendations

Apply patch 147 to resolve this issue.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Weakness Enumeration

Related identifiers

CVE-2026-3663

Affected products

Xlnt