Security Advisory

CVE-2026-41034

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-16 06:06:44
Last updated 2026-04-16 12:31:05
Assigner mitre
State PUBLISHED

Description

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.