CVE-2026-41034 | Ascensio ONLYOFFICE DocumentServer up to 9.2.x XLS pictFmla.cbBufInCtlStm out-of-bounds

A vulnerability has been found in Ascensio ONLYOFFICE DocumentServer up to 9.2.x and classified as problematic. This vulnerability affects the function pictFmla.cbBufInCtlStm of the component XLS Handler. The manipulation leads to out-of-bounds read.

This vulnerability is traded as CVE-2026-41034. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More