CVE-2023-26435

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Jun 20, 2023
Updated: Jan 12, 2024
CWE ID 918

Summary

CVE-2023-26435 is a vulnerability in LibreOffice that allowed manipulated ODT documents to call filesystem and network references through a local instance. This issue could expose restricted network topology and services, as well as enable the inclusion of local files with read permissions of the open-xchange system user. The vulnerability was limited to certain file types, primarily images. To mitigate the risk, existing content filters and validators have been enhanced to prevent the inclusion of any local resources. No publicly available exploits for this vulnerability have been reported as of now.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share