Detections
Analytics

CVE-2026-3665

medium

Description

A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used.

References

https://vuldb.com/?submit.764647

https://vuldb.com/?id.349554

https://github.com/oneafter/0128/blob/main/xl4/repro

https://vuldb.com/?ctiid.349554

https://github.com/xlnt-community/xlnt/issues/140

https://github.com/xlnt-community/xlnt/

Details

Source: Mitre, NVD

Published: 2026-03-07

Updated: 2026-03-10

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00013