CVE-2026-3665

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-3665
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3665.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3665
Published
2026-03-07T16:15:56.583Z
Modified
2026-03-14T02:00:24.278478Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsxconsumer::readofficedocument of the file source/detail/serialization/xlsxconsumer.cpp of the component XLSX File Parser. The manipulation leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used.

References

Affected packages

Git / github.com/xlnt-community/xlnt

Affected ranges

Type
GIT
Repo
https://github.com/xlnt-community/xlnt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3b25b084eab473bb6009b8e3d03ba5ff10bb4891
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.1"
        }
    ]
}

Affected versions

v0.*
v0.9.0
v0.9.1
v0.9.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3665.json"