CVE-2026-26825EPSS p10.4%

CVE-2026-26825CVE-2026-26825

libxls_project / libxls

Description

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS0.21% probability of exploitation · percentile 10.4% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-26824
CVE
CVE-2026-44822
CVE
CVE-2026-45455
CVE
CVE-2025-21362
CVE
CVE-2026-44823
CVE
CVE-2026-40362
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.