1648 matches found

NVD
added yesterday, 3 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

Exploits: 0, References: 1
NVD
added yesterday, 4 views

CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2_read. The flaw is detectable with MemorySanitizer (MSAN) and can lead to...

Exploits: 0, References: 1
ATTACKERKB
added yesterday, 1 view

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

5.8 AI score
Exploits: 0, References: 2
Cvelist
added yesterday, 7 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

Exploits: 0, References: 1
EUVD
added yesterday, 3 views

EUVD-2026-34178

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application crashe...

5.8 AI score
Exploits: 0, References: 1
Positive Technologies
added yesterday, 3 views

PT-2026-46058

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2_read. The flaw is detectable with MemorySanitizer (MSAN) and can lead t...

5.8 AI score
Exploits: 0, References: 2
Positive Technologies
added yesterday, 2 views

PT-2026-46057

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT is not fully initialized before being consumed by ole2_validate_sector_chain, which may result in application...

5.8 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-26824

CVE-2026-26824 affects libxls up to version 1.6.3. The issue is a use of uninitialized memory in the OLE container parser: memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may cause ...

5.8 AI score
Exploits: 0, References: 1
ATTACKERKB
added yesterday, 1 view

CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2_read. The flaw is detectable with MemorySanitizer (MSAN) and can lead to...

5.8 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-26825

CVE-2026-26825 affects libxls 1.6.3 when parsing malformed XLS files. The issue is a use-of-uninitialized memory in the heap originating from the OLE layer (ole2_read), reachable via xls_parseWorkBook(). Impact is undefined behavior, potentially incorrect parsing logic or information disclosure; ...

5.8 AI score
Exploits: 0, References: 1
EUVD
added 2026/04/14 6:30 p.m., 0 views

EUVD-2026-22388

Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally...

7.8 CVSS, 5.7 AI score, 0.00141 EPSS
Exploits: 0, References: 2
CVE
added 2026/04/14 4:57 p.m., 6 views

CVE-2026-26162

CVE-2026-26162 is a Windows OLE vulnerability described as a type-confusion in resource access that enables a locally authenticated attacker to elevate privileges. The Red Hat and NVD/NCSC entries confirm the same issue, with Microsoft’s MSRC entry associating it to Windows OLE and listing Window...

7.8 CVSS, 5.7 AI score, 0.00141 EPSS
Exploits: 0, References: 1, Affected Software: 14
CNNVD
added 2026/04/14 12:0 a.m., 2 views

Microsoft Windows Security Vulnerability

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows OLE. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows 11...

7.8 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/14 12:0 a.m., 1 view

PT-2026-32740

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A type confusion issue in Windows OLE allows an authorized attacker to access resources using an incompatible type, which can lead to local privilege escalation. Recommendations: At the moment...

7.8 CVSS, 6.2 AI score, 0.00141 EPSS
Exploits: 0, References: 8
GithubExploit
added 2026/02/04 2:13 p.m., 148 views

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

Detections for the CVE-2026-21509 vulnerability in MS Office...

8.8 CVSS, 5.5 AI score, 0.94332 EPSS
Exploits: 47
GithubExploit
added 2026/02/01 5:31 p.m., 153 views

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

🏛️CTT -Microsoft Office OLE Manifold BYPASS CVE-2026-21509 Stan...

7.8 CVSS, 7.5 AI score, 0.12053 EPSS
Exploits: 10
GithubExploit
added 2026/01/29 12:51 a.m., 149 views

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

CVE-2026-21509 — Educational Dummy PoC for Defender Visibility...

7.8 CVSS, 5.9 AI score, 0.12053 EPSS
Exploits: 10
The Hacker News
added 2026/01/27 10:37 a.m., 28 views

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office...

7.8 CVSS, 6 AI score, 0.12053 EPSS
Exploits: 10
Information Security Automation
added 2026/01/27 7:4 a.m., 8 views

About Remote Code Execution – Microsoft Office (CVE-2026-21509) vulnerability

About Remote Code Execution - Microsoft Office CVE-2026-21509 vulnerability. The vulnerability was urgently fixed on January 26, outside the regular Microsoft Patch Tuesday. Microsoft classified it as a Security Feature Bypass, but in fact, it is more of a Remote Code Execution. The vulnerability...

7.8 CVSS, 8.6 AI score, 0.12053 EPSS
Exploits: 10
OSV
added 2026/01/16 2:16 a.m., 0 views

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

7.7 CVSS, 5.8 AI score
Exploits: 0, References: 4