Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Mismanaged List Box Calculation Triggers Potential Code Execution
CVE-2026-3779
Summary
This vulnerability affects the way the application handles list box calculations, potentially allowing an attacker to execute arbitrary code. This could be exploited by creating a crafted document that interacts with the list box calculation. To protect against this issue, ensure the application properly updates references to deleted or re-created objects.
Original title
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when...
Original description
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
nvd CVSS3.1
7.8
Vulnerability type
CWE-416
Use After Free
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026