
CVE-2026-2703: Off-by-One in xlnt-community xlnt

Severity: Medium
Published: Thu Feb 19 2026 (02/19/2026, 04:02:10 UTC)
Source: CVE Database V5
Vendor/Project: xlnt-community
Product: xlnt

Description

A vulnerability has been identified in xlnt-community xlnt up to and including version 1.6.1. Affected is the function xlnt::detail::decode_base64 in the file source/detail/cryptography/base64.cpp, part of the Encrypted XLSX File Parser component. Manipulated input to this function can trigger an off-by-one error. The attack requires local access. An exploit has been published and could be used in attacks. The fix is commit f2d7bf494e5c52706843cf7eb9892821bffb0734; applying it is advised.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/28/2026, 13:05:56 UTC

Technical Analysis

CVE-2026-2703 is an off-by-one vulnerability in the xlnt-community xlnt library, affecting versions up to and including 1.6.1, in the function xlnt::detail::decode_base64 in source/detail/cryptography/base64.cpp. The function belongs to the Encrypted XLSX File Parser component and decodes base64 data encountered while parsing encrypted XLSX files. The off-by-one comes from a boundary check during decoding that is off by one element, so crafted input can make the decoder touch one position beyond the end of a buffer. In native C++ code that is memory corruption: the observable result is usually a crash or corrupted data, but the full consequence depends on what lies adjacent to the buffer. The vector is rated local (CVSS 4.0 base score 4.8, Medium); in practice this means the attacker must get a crafted file processed by a program that uses xlnt rather than reach the code over the network. No further user interaction is required, and the assessment attributes the impact to availability and stability rather than to confidentiality or integrity. The issue has been publicly disclosed and a public exploit is available, which raises the likelihood of opportunistic use even though no in-the-wild exploitation has been reported. The fix is commit f2d7bf494e5c52706843cf7eb9892821bffb0734. Any application that links xlnt and parses encrypted XLSX files from untrusted sources is potentially affected.
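The page does not describe the exact defect, so the following is an added illustration rather than xlnt's code or a reconstruction of the patched bug: a base64 decoder with a hypothetical decode-side off-by-one of the kind the analysis describes (exact output sizing, but a final group that still emits three bytes), next to a hardened decoder that validates padding and never indexes past its output. All function names, the buggy pattern and the test inputs are assumptions made for this example.

```cpp
// Added illustration, not xlnt's code: a base64 decoder with a hypothetical
// decode-side off-by-one next to a hardened decoder. The buggy pattern is an
// assumption for demonstration, not a reconstruction of CVE-2026-2703.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

namespace {
const std::string kAlphabet =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Map one base64 character to its 6-bit value, or -1 if not in the alphabet.
int sextet(char c) {
    std::string::size_type pos = kAlphabet.find(c);
    return pos == std::string::npos ? -1 : static_cast<int>(pos);
}
} // namespace

// Hypothetical buggy decoder: the output buffer is sized exactly, with '='
// padding subtracted, but the loop still emits a full 3-byte group for the
// final quartet, so any padded input writes past the end of the buffer.
// std::vector::at() is used so the overrun surfaces as std::out_of_range
// rather than as silent memory corruption.
std::vector<std::uint8_t> buggy_decode_base64(const std::string& in) {
    if (in.size() % 4 != 0) throw std::invalid_argument("length not a multiple of 4");
    std::size_t pad = 0;
    if (in.size() >= 1 && in[in.size() - 1] == '=') ++pad;
    if (in.size() >= 2 && in[in.size() - 2] == '=') ++pad;
    std::vector<std::uint8_t> out(in.size() / 4 * 3 - pad);
    std::size_t o = 0;
    for (std::size_t i = 0; i < in.size(); i += 4) {
        std::uint32_t v = 0;
        for (int k = 0; k < 4; ++k) {
            int s = in[i + k] == '=' ? 0 : sextet(in[i + k]);
            if (s < 0) throw std::invalid_argument("bad character");
            v = (v << 6) | static_cast<std::uint32_t>(s);
        }
        out.at(o++) = static_cast<std::uint8_t>(v >> 16);
        out.at(o++) = static_cast<std::uint8_t>(v >> 8);   // BUG when pad == 2
        out.at(o++) = static_cast<std::uint8_t>(v);        // BUG when pad >= 1
    }
    return out;
}

// Hardened decoder: validates structure before emitting anything, derives the
// number of valid bytes in the last group from the padding, and appends with
// push_back so no index can ever run past the end of the output.
std::vector<std::uint8_t> safe_decode_base64(const std::string& in) {
    if (in.size() % 4 != 0) throw std::invalid_argument("length not a multiple of 4");
    std::vector<std::uint8_t> out;
    out.reserve(in.size() / 4 * 3);
    for (std::size_t i = 0; i < in.size(); i += 4) {
        const bool last = (i + 4 == in.size());
        int pad = 0;
        std::uint32_t v = 0;
        for (int k = 0; k < 4; ++k) {
            const char c = in[i + k];
            if (c == '=') {
                // '=' is legal only in the last two positions of the final group.
                if (!last || k < 2) throw std::invalid_argument("misplaced padding");
                ++pad;
                v <<= 6;
                continue;
            }
            if (pad != 0) throw std::invalid_argument("data after padding");
            const int s = sextet(c);
            if (s < 0) throw std::invalid_argument("bad character");
            v = (v << 6) | static_cast<std::uint32_t>(s);
        }
        out.push_back(static_cast<std::uint8_t>(v >> 16));
        if (pad < 2) out.push_back(static_cast<std::uint8_t>(v >> 8));
        if (pad < 1) out.push_back(static_cast<std::uint8_t>(v));
    }
    return out;
}

// Helper: does the hardened decoder produce the expected bytes?
bool decodes_to(const std::string& b64, const std::string& expected) {
    const std::vector<std::uint8_t> got = safe_decode_base64(b64);
    return std::string(got.begin(), got.end()) == expected;
}

// Helper: does the hardened decoder reject this malformed input?
bool safe_rejects(const std::string& b64) {
    try { safe_decode_base64(b64); } catch (const std::invalid_argument&) { return true; }
    return false;
}

// Helper: does the buggy decoder try to write beyond its exactly-sized buffer?
bool buggy_overruns(const std::string& b64) {
    try { buggy_decode_base64(b64); } catch (const std::out_of_range&) { return true; }
    return false;
}
```

Using `at()` in the buggy variant is a teaching device; a real decoder written with raw pointers or `operator[]` would not throw but would corrupt whatever the allocator placed after the buffer, which is why a one-byte overrun in a parser that handles attacker-supplied files is treated as memory corruption rather than a cosmetic defect. Building the consuming application with AddressSanitizer gives the same early-failure behaviour for production-style code.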

Potential Impact

The primary impact of CVE-2026-2703 is memory corruption from a one-element out-of-bounds access in base64 decoding inside xlnt. For organizations this translates into crashes or instability in software that parses encrypted XLSX files with xlnt at version 1.6.1 or earlier. The assessment attributes no confidentiality or integrity impact to the flaw, but a denial of service or unexpected behaviour can still disrupt operations, particularly where XLSX processing is automated and unattended, such as batch import pipelines or document conversion services. Because exploitation needs local access with low privileges, exposure is greatest on shared or multi-user systems and wherever an attacker already holds an initial foothold; the published exploit raises the likelihood that such a foothold is used this way. Organizations using xlnt in desktop applications, server-side XLSX processing, or embedded systems should treat this as a moderate risk to reliability and to user trust.

Mitigation Recommendations

To mitigate CVE-2026-2703, update xlnt to a release later than 1.6.1 that contains commit f2d7bf494e5c52706843cf7eb9892821bffb0734. Because xlnt is a C++ library that is frequently vendored, pinned in a package manager, or pulled in as a Git submodule, check each consuming codebase rather than assuming a system package covers it: confirm that the fix commit is an ancestor of the revision you build from (git merge-base --is-ancestor, or the equivalent query in your package manager), then rebuild and redeploy every binary that statically links the library. If updating is not immediately possible, restrict which accounts and processes can feed files to applications built on vulnerable versions, enforce strict user permissions and application allowlisting on shared systems, and avoid parsing encrypted XLSX files from untrusted sources there. Monitor for crashes and memory errors in XLSX-processing services; building those services with AddressSanitizer in test and staging turns a one-byte overrun into a reported error instead of silent corruption. Review and fuzz any custom code that wraps xlnt's encrypted-workbook handling so anomalous behaviour on malformed input is caught before an attacker finds it. Educate users about the risks of opening untrusted XLSX files, and use endpoint detection and response (EDR) tooling to flag exploitation attempts. Finally, keep backups and incident response plans current so that a denial of service or stability failure caused by exploitation can be recovered from quickly.


Technical Details

Data Version
5.2
Assigner Short Name
VulDB
Date Reserved
2026-02-18T17:59:02.756Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 69968d666aea4a407a390167

Added to database: 2/19/2026, 4:11:18 AM

Last enriched: 2/28/2026, 1:05:56 PM

Last updated: 4/9/2026, 3:53:58 AM


