CVE Alert

CVE-2026-6040

UNKNOWN 0.0

Heap use-after-free in ODF number-format blank-width parsing

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.
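The bounds check described above, as an added C++ example; it is not LibreOffice's code. The struct, the function names and the highest-position-first insertion order are assumptions for illustration; `_x` is the format-code notation for a blank as wide as character `x`.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical record for one blank-width entry read from the document.
struct BlankWidthEntry {
    std::int32_t pos;  // untrusted offset into the format-code string
    char ch;           // character whose width the blank takes
};

// True only when pos is a valid insertion offset for code. The comparison is
// done in signed 64-bit so a negative pos cannot wrap into a huge index.
static bool position_in_bounds(const std::string& code, std::int32_t pos) {
    return pos >= 0 &&
           static_cast<std::int64_t>(pos) <= static_cast<std::int64_t>(code.size());
}

// Inserts "_<ch>" at every in-bounds position and returns how many entries
// were rejected. Assumption: positions refer to the original string, so they
// are applied highest first and earlier inserts do not shift later offsets.
std::size_t apply_blank_width(std::string& code, std::vector<BlankWidthEntry> entries) {
    std::stable_sort(entries.begin(), entries.end(),
                     [](const BlankWidthEntry& a, const BlankWidthEntry& b) {
                         return a.pos > b.pos;
                     });
    std::size_t rejected = 0;
    for (const BlankWidthEntry& e : entries) {
        if (!position_in_bounds(code, e.pos)) {  // check before any use of pos
            ++rejected;
            continue;
        }
        code.insert(static_cast<std::size_t>(e.pos), std::string{'_', e.ch});
    }
    return rejected;
}

int main() {
    std::string code = "#,##0.00";  // constructed sample format code
    // Constructed entries: two valid, three out of range.
    std::size_t bad = apply_blank_width(
        code, {{8, ')'}, {0, '('}, {9, 'x'}, {-1, 'x'}, {2147483647, 'x'}});
    std::cout << code << " rejected=" << bad << "\n";
    return 0;
}
```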

CWE: CWE-416, CWE-787
Vendor: the document foundation
Product: libreoffice
Published: Jun 15, 2026
Last Updated: Jun 15, 2026

Affected Versions

The Document Foundation / LibreOffice
25.8 < version < 25.8.7
26.2 < version < 26.2.3

References

NVD, CVE.org, EPSS Data
libreoffice.org: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040

Credits

Anthropic (automated discovery using Claude)
Trail of Bits (triage and validation)