CVE-2026-3665 - Vulnerability Details

- xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference

Description

A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used.

Published: 2026-03-07

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the xlsx_consumer.cpp module of the xlnt C++ library, specifically in the read_office_document function. Improper handling of certain XLSX inputs can trigger a null pointer dereference, causing the application to crash or terminate abnormally. This flaw is catalogued under CWE‑476 (Uninitialized Pointer Dereference) and CWE‑404 (Improper Resource Shutdown or Release).

Affected Systems

xlnt-community’s xlnt library, versions up to and including 1.6.1, is affected. Any application that incorporates this library and processes external XLSX files without additional validation may experience a crash.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, and the EPSS score is below 1 %, meaning a low but non‑zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attack must be carried out locally: a user with local or privileged access can supply a crafted XLSX file that triggers the null pointer dereference. Publicly available exploit code exists, enabling a local adversary to cause a denial of service if the library operates in an untrusted context.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

xlnt-community

xlnt

affected

Version	Status	Constraints
`1.6.0`	affected	—
`1.6.1`	affected	—

Configuration 1 [-]

cpe:2.3:a:xlnt-community:xlnt:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Xlnt-community

Xlnt

100%

Version	Status	Scheme	Platform
`1.6.0`	affected	semver	—
`1.6.1`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor patch or upgrade to a newer release of xlnt if one is available and addresses the null pointer dereference.
When an upgrade is not possible, run the XLSX parsing component in a sandboxed or least‑privileged environment to contain the crash to a confined process.
Implement strict application‑level validation of XLSX files before invoking the library, rejecting files that lack required XML namespaces or schemas to prevent malformed input from reaching the vulnerable code.

Generated by OpenCVE AI on April 17, 2026 at 12:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/oneafter/0128/blob/main/xl4/repro
https://github.com/xlnt-community/xlnt/
https://github.com/xlnt-community/xlnt/issues/140
https://vuldb.com/?ctiid.349554
https://vuldb.com/?id.349554
https://vuldb.com/?submit.764647

History

Wed, 11 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Mar 2026 20:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:xlnt-community:xlnt::::::::

Mon, 09 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Xlnt-community Xlnt-community xlnt
Vendors & Products		Xlnt-community Xlnt-community xlnt

Sat, 07 Mar 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used.
Title		xlnt-community xlnt XLSX File xlsx_consumer.cpp read_office_document null pointer dereference
Weaknesses		CWE-404 CWE-476
References		https://github.com/oneafter/0128/blob/main/xl4/repro https://github.com/xlnt-community/xlnt/ https://github.com/xlnt-community/xlnt/issues/140 https://vuldb.com/?ctiid.349554 https://vuldb.com/?id.349554 https://vuldb.com/?submit.764647
Metrics		cvssV2_0 `{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Xlnt-community Xlnt

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-07T15:32:08.520Z

Updated: 2026-03-11T16:29:12.576Z

Reserved: 2026-03-06T20:34:47.839Z

Link: CVE-2026-3665

Vulnrichment

Updated: 2026-03-11T16:14:30.465Z

NVD

Status : Analyzed

Published: 2026-03-07T16:15:56.583

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3665

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:15:18Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object