PT-2026-22730 · Xlnt Community · Xlnt

Oneafter

Published

2026-03-03

Updated

2026-03-10

CVE-2026-3463

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions xlnt-community xlnt versions up to 1.6.1

Description A flaw exists in xlnt-community xlnt up to version 1.6.1 related to the xlnt::detail::binary writer::append function within the source/detail/binary.hpp file of the Compound Document Parser component. This issue results in a heap-based buffer overflow. The exploitation of this issue is limited to local execution. The exploit code has been publicly released.

Recommendations Install patch 147 to address this issue.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-122

Related Identifiers

CVE-2026-3463

Affected Products

Xlnt

PT-2026-22730 · Xlnt Community · Xlnt

CVE-2026-3463

Weakness Enumeration

Related Identifiers

Affected Products

References · 17