Denial of Service Vulnerability in Excelize Go Library
CVE-2026-54063
7.5HIGH
What is CVE-2026-54063?
A vulnerability exists in the Excelize library for Go, specifically within the checkSheet() function, where an attacker can exploit unvalidated XML row attributes. This flaw allows for the creation of specially crafted XLSX files that can lead to two potential denial-of-service conditions: an out-of-memory error resulting from excessive memory allocation and a runtime panic due to out-of-bounds access. This affects any application that processes untrusted XLSX files. The issue has been addressed in version 2.11.0, which provides the necessary validation of XML input.
Affected Version(s)
excelize < 2.11.0
