CVE-2026-32630: CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) in sindresorhus file-type
file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer(), fileTypeFromBlob(), or fileTypeFromFile(). The ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a result, a small compressed ZIP can cause file-type to inflate and process a much larger payload while probing ZIP-based formats such as OOXML. This vulnerability is fixed in 21.3.2.
AI Analysis
Technical Summary
CVE-2026-32630 affects the sindresorhus file-type library, which is widely used to detect file types from buffers, blobs, or files. Between versions 20.0.0 and 21.3.1, the library improperly handles highly compressed ZIP files during type detection. When probing ZIP-based formats such as OOXML, the library inflates compressed data to determine the file type. Stream-based detection enforces an inflate output limit to bound memory usage, but that limit is not applied on the known-size path used by fileTypeFromBuffer(), fileTypeFromBlob(), and fileTypeFromFile(). Consequently, a crafted ZIP with a small compressed size can decompress into a much larger payload, causing excessive memory growth and potentially exhausting system memory (denial of service). The weakness is classified as CWE-409 (Improper Handling of Highly Compressed Data, also known as Data Amplification). It can be triggered remotely without authentication or user interaction by submitting a malicious ZIP file to an application that passes untrusted input to the vulnerable functions. The issue was publicly disclosed on March 13, 2026, and fixed in version 21.3.2 of file-type. The CVSS v3.1 base score is 5.3 (medium severity), reflecting no impact on confidentiality or integrity but a clear availability impact.
Potential Impact
Organizations using sindresorhus file-type versions 20.0.0 to 21.3.1 in their applications or services are at risk of denial of service. An attacker can submit a crafted ZIP file that triggers excessive memory consumption during file type detection, potentially causing application crashes or system instability. This can disrupt services that rely on file-type detection for processing uploads, file validation, or content inspection. The impact is on availability only; confidentiality and integrity are not directly affected. Denial of service can nonetheless lead to operational downtime, degraded user experience, and increased resource costs. Systems with limited memory, or those that run type detection on untrusted uploads, are particularly exposed. Although no exploits are reported in the wild, the ease of triggering the condition without authentication or user interaction increases the risk of opportunistic attacks. Web applications, cloud services, and any software component that incorporates the vulnerable library for file format detection can be affected.
Mitigation Recommendations
To mitigate this vulnerability, upgrade sindresorhus file-type to version 21.3.2 or later, where the issue is fixed. If an immediate upgrade is not feasible, validate ZIP inputs before handing them to the detection functions: limit the size of files accepted for type detection, and reject archives whose declared uncompressed size is disproportionate to their compressed size (the amplification pattern this issue depends on). Monitor resource usage and impose memory limits on processes that handle file uploads so that excessive consumption is detected and contained. Consider sandboxing or isolating file-type detection so that a denial of service in that step does not take down the whole service. Review dependency management practices to ensure timely application of security patches in third-party libraries, and monitor application logs for unusual memory usage or crashes related to file processing.
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, India, Canada, Australia, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-12T15:29:36.559Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b47e482f860ef943b3ab73
Added to database: 3/13/2026, 9:14:48 PM
Last enriched: 3/20/2026, 11:25:10 PM
Last updated: 4/28/2026, 12:57:46 AM