CVE-2026-41034 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading…
Medium CVSS: 5.0

CVE-2026-41034

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.
Vendor
-
Product
-
CWE
CWE-125
Yayın Tarihi
2026-04-16 07:16:30
Güncelleme
2026-04-16 07:16:30
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-125 MEDIUM 2026

Referanslar

https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md