CVE-2026-41034

MEDIUM CVSS 5.0 View on NVD ↗

Description

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

References

https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md

Published: Apr 16, 2026 07:16 UTC Modified: Apr 16, 2026 07:16 UTC