CVE-2026-41034
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Productos afectados
Ascensio · ONLYOFFICE DocumentServer¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →