CVE-2026-59162 is a vulnerability in Excelize, a Go library for reading and writing Microsoft Excel spreadsheets. Prior to version 2.11.0, Excelize does not properly handle shared-string cell values, allowing an attacker to trigger a panic when reading a malformed XLSX file through the GetCellValue or GetRows functions. The vulnerability exists because Excelize uses strconv.Atoi to parse shared-string cel [truncated]
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T17:17:02.250Z and has not been modified since then. The Excelize library, used for reading and writing Microsoft Excel spreadsheets in Go, had a vulnerability prior to version 2.11.0. This vulnerability allows a small XLSX file with a row number above 1048576 and no cell coordinate to make GetRow [truncated]
CVE-2026-54063 is a denial-of-service vulnerability in Excelize, a Go library for reading and writing Microsoft Excel spreadsheets. The vulnerability exists in the checkSheet() function, which uses an attacker-controlled XML attribute value directly as the length argument to make([]xlsxRow, row) without validating it against the Excel row limit (TotalRows = 1,048,576). A specially crafted XLSX file can tr [truncated]