CVE-2026-4430: Heap Buffer Overflow in AgileEngine
Published May 7, 2026 · Last updated 21 May 2026
Affected Software
4 affected components · Fixes available
The Document Foundation LibreOffice: >=26.2 <26.2.3, >=25.8 <25.8.7
LibreOffice Libreoffice: >=25.8.0.0 <25.8.7.0
LibreOffice Libreoffice: >=26.2.0.0 <26.2.3.0
debian/libreoffice: <=1:7.0.4-4+deb11u10, <=1:7.0.4-4+deb11u13
4:7.4.7-1+deb12u12, 4:7.4.7-1+deb12u11, 4:25.2.3-2+deb13u4, 4:26.2.3.2-2, 4:26.2.4.2-1
Event History
May 7, 2026
CVE Published via MITRE · 07:16 AM
Data Sourced via MITRE · 07:16 AM: Description, Weakness
Data Sourced via NVD · 08:16 AM: Description, Severity, Weakness, Affected Software
May 28, 2026
Data Sourced via Ubuntu · 07:16 PM: Remedy, Description, Severity, Affected Software
Data Sourced via Launchpad · 07:18 PM: Description
Jun 2, 2026
Data Sourced via Debian · 05:33 PM: Description, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2026-4430?
CVE-2026-4430 is categorized as a high severity vulnerability due to its potential for remote code execution via heap buffer overflow.
2. How do I fix CVE-2026-4430?
To fix CVE-2026-4430, you should update LibreOffice to version 26.2.3 or later, or to version 25.8.7 or later.
3. What impact does CVE-2026-4430 have on data security?
CVE-2026-4430 can lead to unauthorized access and manipulation of data through crafted OOXML documents.
4. Which versions of LibreOffice are affected by CVE-2026-4430?
LibreOffice versions from 26.2 before 26.2.3 and from 25.8 before 25.8.7 are affected by CVE-2026-4430.
5. Can CVE-2026-4430 be exploited remotely?
Yes, CVE-2026-4430 can be exploited remotely through specially crafted documents shared via email or other means.