CVE-2026-8358

UNKNOWN 0.0

Heap buffer overflow in spreadsheet tracked-changes import

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.

CWE	CWE-843 CWE-787
Vendor	the document foundation
Product	libreoffice
Published	Jun 15, 2026
Last Updated	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for the document foundation libreoffice

Be the first to know when new unknown vulnerabilities affecting the document foundation libreoffice are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

The Document Foundation / LibreOffice

26.2 < < 26.2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

libreoffice.org: https://www.libreoffice.org/about-us/security/advisories/cve-2026-8358

Credits

Anthropic (automated discovery using Claude) Arthur Chan of Ada Logics (validation and reporting)