CVE-2026-2703

216.73.217.22

· Published 19/02/2026 07:17 · Modified 19/02/2026 15:52

Labels: CVE-2026-2703 2026-02-19 CVE-2026-2703 CWE-189 [email protected]

Essential information

Published: 19/02/2026 07:17
Modified: 19/02/2026 15:52
Author: —
Creator: —
CVSS: 4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
xlnt-community / xlnt	`cpe:2.3:a:xlnt-community:xlnt:<1.6.1:::::::*`