CVE-2026-41034
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected products
Ascensio · ONLYOFFICE DocumentServerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →