CVE Catalog

CVE-2026-27435

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

Missing Authorization vulnerability in Woffice allows exploiting incorrectly configured access control security levels. This issue affects Woffice versions before 5.4.33.

Risk Assessment

An attacker can gain unauthorized access to functions or data, leading to confidentiality and integrity breaches.

Recommendation

Immediately update Woffice to version 5.4.33 or later.

Original NVD description (English source)

Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice: from n/a before 5.4.33.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS