CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.2%

CVSS Severity

CVSS v3 Score 5.3

References

https://github.com/libxls/libxls/issues/156

Products affected by CVE-2026-26825

Libxls Project » Libxls » Version: 1.6.3

cpe:2.3:a:libxls_project:libxls:1.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26825

Products

Pricing

Contact Us