Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell coordinate to make GetRows append empty rows up to the attacker-controlled index and consume excessive memory and CPU. This issue is fixed in version 2.11.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 40.9%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-59161


Contact Us

Shodan ® - All rights reserved