Documentserver
by ONLYOFFICE
Source repositories
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41034 | Med | 0.33 | 5.0 | 0.00 | | Apr 16, 2026 | ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass. |
| CVE-2025-68936 | | 0.00 | — | 0.00 | | Dec 25, 2025 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer. |
| CVE-2025-68935 | | 0.00 | — | 0.00 | | Dec 25, 2025 | ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer. |