CVE-2026-2703
CWE-189Published: February 19, 2026· Updated: Feb 19, 2026
Official Description
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue.
Technical Analysis
CVE-2026-2703 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (7)
Quick Facts
Related CVEs (CWE-189)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-2703 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts