CVE-2026-2703 | xlnt-community xlnt up to 1.6.1 Encrypted XLSX File Parser base64.cpp decode_base64 off-by-one (Issue 137)

Inserito da Angelo Barbosa | Feb 18, 2026 | CVE

A vulnerability categorized as problematic has been discovered in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one.

This vulnerability appears as CVE-2026-2703. The attack requires local access. In addition, an exploit is available.

Applying a patch is advised to resolve this issue.

CVE-2026-2703 | xlnt-community xlnt up to 1.6.1 Encrypted XLSX File Parser base64.cpp decode_base64 off-by-one (Issue 137)

Post correlati

CVE-2024-53239 | Linux Kernel up to 6.12.1 ALSA usb6fire_chip_abort use after free

CVE-2024-30800 | PX4 Autopilot 1.14 No-Fly Zone access control

CVE-2025-5562 | PHPGurukul Curfew e-Pass Management System 1.0 edit-category-detail.php editid sql injection

CVE-2024-6626 | EleForms Plugin up to 2.9.9.9 on WordPress authorization