{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2703", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-18T17:59:02.756Z", "datePublished": "2026-02-19T04:02:10.794Z", "dateUpdated": "2026-02-24T01:40:43.838Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:28:34.926Z"}, "title": "xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-193", "lang": "en", "description": "Off-by-One"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-189", "lang": "en", "description": "Numeric Error"}]}], "affected": [{"vendor": "xlnt-community", "product": "xlnt", "versions": [{"version": "1.6.0", "status": "affected"}, {"version": "1.6.1", "status": "affected"}], "modules": ["Encrypted XLSX File Parser"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-18T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-18T19:04:11.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.346649", "name": "VDB-346649 | xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346649", "name": "VDB-346649 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754377", "name": "Submit #754377 | xlnt-community xlnt 5606f5b Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xlnt-community/xlnt/issues/137", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0128/blob/main/xl1/repro", "tags": ["exploit"]}, {"url": "https://github.com/xlnt-community/xlnt/commit/f2d7bf494e5c52706843cf7eb9892821bffb0734", "tags": ["patch"]}, {"url": "https://github.com/xlnt-community/xlnt/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T01:40:32.932647Z", "id": "CVE-2026-2703", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:40:43.838Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T01:40:32.932647Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:40:39.228Z"}}], "cna": {"tags": ["x_open-source"], "title": "xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "xlnt-community", "modules": ["Encrypted XLSX File Parser"], "product": "xlnt", "versions": [{"status": "affected", "version": "1.6.0"}, {"status": "affected", "version": "1.6.1"}]}], "timeline": [{"lang": "en", "time": "2026-02-18T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-18T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-18T19:04:11.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.346649", "name": "VDB-346649 | xlnt-community xlnt Encrypted XLSX File base64.cpp decode_base64 off-by-one", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.346649", "name": "VDB-346649 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754377", "name": "Submit #754377 | xlnt-community xlnt 5606f5b Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xlnt-community/xlnt/issues/137", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0128/blob/main/xl1/repro", "tags": ["exploit"]}, {"url": "https://github.com/xlnt-community/xlnt/commit/f2d7bf494e5c52706843cf7eb9892821bffb0734", "tags": ["patch"]}, {"url": "https://github.com/xlnt-community/xlnt/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-193", "description": "Off-by-One"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-189", "description": "Numeric Error"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:28:34.926Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2703", "state": "PUBLISHED", "dateUpdated": "2026-02-24T01:40:43.838Z", "dateReserved": "2026-02-18T17:59:02.756Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-19T04:02:10.794Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xlnt-community:xlnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B381094-639E-4E21-8CB0-60C480F02400", "versionEndIncluding": "1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue."}, {"lang": "es", "value": "Se ha identificado una debilidad en xlnt-community xlnt hasta 1.6.1. La cual afecta a la funci\u00f3n xlnt::detail::decode_base64 del archivo source/detail/cryptography/base64.cpp del componente Analizador de Archivos XLSX Cifrados. Si se manipula se puede provocar un off-by-one. El ataque requiere acceso local. El exploit se ha puesto a disposici\u00f3n del p\u00fablico y podr\u00eda usarse para ataques. Este parche se llama f2d7bf494e5c52706843cf7eb9892821bffb0734. Se aconseja aplicar el parche para resolver este problema."}], "id": "CVE-2026-2703", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:49.477", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/oneafter/0128/blob/main/xl1/repro"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/xlnt-community/xlnt/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/xlnt-community/xlnt/commit/f2d7bf494e5c52706843cf7eb9892821bffb0734"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/xlnt-community/xlnt/issues/137"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.346649"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.346649"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.754377"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "CWE-193"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "xlnt", "source": "cna", "vendor": "xlnt-community"}, "product": "xlnt", "vendor": "xlnt-community"}], "analysis": {"en": {"generated_at": "2026-04-17T18:16:29.985874+00:00", "value": {"mitigation_remediation": ["Update xlnt to a version that includes commit f2d7bf494e5c52706843cf7eb9892821bffb0734 or later", "If an update cannot be applied immediately, isolate the process that loads xlnt in a sandboxed or least\u2011privilege environment to limit the impact of a possible crash or code execution", "Implement additional input validation or integrity checks on XLSX files before invoking xlnt\u2019s decoding routine to mitigate malformed payloads"], "summary": {"action": "Patch Library", "impact": "Memory corruption with local privilege escalation potential"}, "threat_synthesis": {"affected_systems": "The issue affects xlnt-community\u2019s xlnt library up to version 1.6.1. The patch addressing the defect is referenced by commit f2d7bf494e5c52706843cf7eb9892821bffb0734 and is available in subsequent releases. Systems that compile or link against versions prior to the patch are vulnerable.", "description_and_impact": "A vulnerability exists in the xlnt library\u2019s base64 decoding routine used for encrypted XLSX files. The off\u2011by\u2011one error can corrupt memory when processing a malformed input, which may allow an attacker with local access to trigger crashes or potentially execute arbitrary code. The weakness is classified as an integer truncation (CWE\u2011189) and an off\u2011by\u2011one index error (CWE\u2011193).", "risk_and_exploitability": "The CVSS score of 4.8 reflects moderate severity, and the EPSS score of below 1% suggests a very low likelihood of exploitation. The defect is not listed in the CISA KEV catalog. Exploitation requires local access to the machine running the vulnerable library; an attacker would need to deliver a specially crafted XLSX file to a process that uses xlnt. Because the flaw can trigger memory corruption, a successful exploit could elevate privileges or run arbitrary code on the local host."}}}}, "created": "2026-02-19T10:07:27.716012+00:00", "updated": "2026-04-17T18:30:05.643955+00:00", "vendors": ["xlnt-community", "xlnt-community$PRODUCT$xlnt"]}