CVE-2026-2703

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions xlnt versions up to 1.6.1

Description A flaw exists in the xlnt::detail::decode base64 function within the Encrypted XLSX File Parser component, specifically in the source/detail/cryptography/base64.cpp file. This can lead to an off-by-one error. Local access is required for exploitation. The exploit is publicly available.

Recommendations Apply the patch f2d7bf494e5c52706843cf7eb9892821bffb0734 to resolve this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189CWE-193

Related Identifiers

CVE-2026-2703

Affected Products

Xlnt

CVE-2026-2703

Weakness Enumeration

Related Identifiers

Affected Products

References · 12