CVE-2026-41034
CVE-2026-41034
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Produtos afetados
Ascensio · ONLYOFFICE DocumentServerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →