CVE-2026-4430

HIGH

LibreOffice 25.8-25.8.6, 26.2-26.2.2 - Out-of-bounds Write via OOXML Encryption Salt Mismatch

Title source: llm

Description

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

References (1)

Core 1

Core References

https://www.libreoffice.org/about-us/security/advisories/cve-2026-4430

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 0.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (3)

libreoffice/libreoffice 25.8.0.0 - 25.8.7.0

The Document Foundation/LibreOffice 25.8 - 25.8.7

The Document Foundation/LibreOffice 26.2 - 26.2.3

Published May 07, 2026

Tracked Since May 07, 2026