CVE-2026-3663

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions xlnt versions up to 1.6.1

Description A flaw exists within the xlnt library, specifically in the XLSX File Parser component. This issue resides in the xlnt::detail::compound document istreambuf::xsgetn function within the source/detail/cryptography/compound document.cpp file. A manipulation of the file can lead to an out-of-bounds read, and the exploit has been publicly disclosed. The issue is only exploitable with local access.

Recommendations Apply patch 147 to resolve this issue.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

CVE-2026-3663

Affected Products

Xlnt

CVE-2026-3663

Weakness Enumeration

Related Identifiers

Affected Products

References · 15