Resource exhaustion in Qax-os Excelize

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small…

Vulnerability class: DoS (Denial of Service)

Affected products

Weakness classification (CWE)

References