A vulnerability was found in libxls up to 1.6.3 . It has been rated as critical . The impacted element is the function read_MSAT of the component OLE Container Parser . This manipulation causes uninitialized pointer. This vulnerability is handled as CVE-2026-26824 . The attack can only be done within the local network. There is not any exploit available.