CVE-2026-3664

Name of the Vulnerable Software and Affected Versions xlnt versions up to 1.6.1

Description An issue exists in the xlnt library, specifically within the xlnt::detail::compound document::read directory function located in the source/detail/cryptography/compound document.cpp file. This relates to the Encrypted XLSX File Parser component and can lead to an out-of-bounds read condition. The issue is restricted to local execution and has been publicly disclosed.

Recommendations Apply patch 147 to resolve this issue.