CVE-2026-3665
Null Pointer Dereference in xlnt XLSX File Parser (Local Exploit
Publication date: 2026-03-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xlnt-community | xlnt | up to and including 1.6.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3665 is a null pointer dereference vulnerability in the xlnt library, specifically in the function xlnt::detail::xlsx_consumer::read_office_document. This function processes XLSX files and, when given a malformed XLSX file, attempts to access members of a relationship object that may be NULL or invalid due to missing XML attributes.
The vulnerability occurs because the code does not properly validate these relationship objects before accessing their members, leading to a NULL pointer dereference. This causes a segmentation fault and crashes the application when parsing such malformed files.
Exploitation requires local access and involves loading a crafted XLSX file that triggers the crash during the document parsing process.
How can this vulnerability impact me?
This vulnerability can cause the affected application using the xlnt library to crash or exit unexpectedly when processing maliciously crafted XLSX files.
The impact is primarily a denial of service (DoS), as the null pointer dereference leads to a segmentation fault that disrupts normal operation and availability of the software.
Since exploitation requires local access, an attacker must have some level of access to the system to trigger the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to load a crafted malformed XLSX file using the xlnt library and observing if a crash or segmentation fault occurs during the parsing process.
A practical detection method involves building the xlnt library with AddressSanitizer (ASan) enabled and running a test harness program that loads the suspicious XLSX file. The crash typically occurs during the call to `wb.load(filepath)`.
No specific network detection commands are provided, as the attack requires local access and involves local file parsing.
- Build xlnt with ASan enabled (Clang compiler recommended).
- Run a test program that loads the XLSX file, for example, using code similar to:

```cpp
#include <xlnt/xlnt.hpp>

int main() {
    xlnt::workbook wb;
    try {
        // The crash typically occurs during this call
        wb.load("malformed.xlsx");
    } catch (...) {
        // handle exceptions silently; a segfault is not a C++ exception and is not caught here
    }
    return 0;
}
```
Observe if a segmentation fault or crash occurs. [1, 2]
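As an added illustration (not part of the CVE record or of the xlnt project), the script below is a static triage check that flags XLSX packages whose relationship parts lack the attributes OPC requires, the class of malformation described in the explanation above, without invoking the vulnerable parser. The page does not give the exact trigger, so treating a missing `Id`/`Type`/`Target` or a missing officeDocument relationship as suspicious is an assumption; `check_relationships`, `build_sample` and `MAX_PART` are hypothetical names.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REQUIRED = ("Id", "Type", "Target")  # attributes OPC requires on every Relationship
MAX_PART = 1 << 20  # assumption: relationship parts are far smaller than 1 MiB


def check_relationships(data):
    """Return a list of findings for an XLSX byte string; empty means nothing flagged."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a ZIP container"]
    with zf:
        names = [n for n in zf.namelist() if n.endswith(".rels")]
        if "_rels/.rels" not in names:
            findings.append("_rels/.rels: missing")
        for name in names:
            if zf.getinfo(name).file_size > MAX_PART:
                findings.append(f"{name}: oversized part")
                continue
            raw = zf.read(name)
            if b"<!DOCTYPE" in raw:  # OPC parts must not carry a DTD; skip parsing it
                findings.append(f"{name}: DTD present")
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError as exc:
                findings.append(f"{name}: invalid XML ({exc})")
                continue
            rels = root.findall(f"{{{REL_NS}}}Relationship")
            for rel in rels:
                missing = [a for a in REQUIRED if not rel.get(a)]
                if missing:
                    findings.append(f"{name}: Relationship missing {', '.join(missing)}")
            if name == "_rels/.rels" and not any(
                    r.get("Type", "").endswith("/relationships/officeDocument") for r in rels):
                findings.append(f"{name}: no officeDocument relationship")
    return findings


def build_sample(rels_xml):
    """Constructed sample input: a ZIP holding only a root relationships part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("_rels/.rels", rels_xml)
    return buf.getvalue()
```

A clean result only means the relationship parts are structurally complete; files with findings can be quarantined or opened only in an ASan-instrumented test harness.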
What immediate steps should I take to mitigate this vulnerability?
Currently, no known patches or countermeasures are available for this vulnerability.
Immediate mitigation steps include restricting local access to systems running the vulnerable xlnt library versions (up to 1.6.1) and avoiding processing untrusted or malformed XLSX files.
Consider replacing the affected xlnt component with an alternative XLSX parsing library that is not vulnerable.
Monitor for updates or patches from the xlnt-community and apply them once available.