CVE-2026-3665 is a vulnerability identified in the xlnt-community xlnt library, versions up to 1.6.1, specifically affecting the XLSX file parser component. The issue resides in the function xlnt::detail::xlsx_consumer::read_office_document within the source/detail/serialization/xlsx_consumer.cpp file. The vulnerability is a null pointer dereference that occurs when the function processes XLSX files, leading to potential application crashes or denial of service. The attack vector requires local access with limited privileges (PR:L) and does not require user interaction or authentication, making it a local privilege escalation or denial of service risk rather than a remote code execution threat. The CVSS 4.0 base score is 4.8 (medium severity), reflecting the limited attack vector and impact scope. The exploit code is publicly available, which increases the risk of exploitation by local attackers. No known exploits in the wild have been reported yet. The vulnerability affects software that integrates xlnt for handling Excel XLSX files, which is common in various productivity and data processing applications. The flaw could be triggered by a crafted XLSX file processed locally, causing the application to crash due to the null pointer dereference. This can disrupt services or workflows relying on the xlnt library for document processing.

The primary impact of CVE-2026-3665 is denial of service through application crashes when processing maliciously crafted XLSX files. This can disrupt business operations that depend on software using the xlnt library for Excel file parsing. Although the vulnerability does not allow remote exploitation or privilege escalation directly, local attackers with limited privileges can exploit it to cause instability or service interruptions. This may affect desktop applications, backend services, or automated workflows that parse XLSX files using xlnt. In environments where multiple users share systems or where untrusted XLSX files are processed locally, the risk of disruption increases. The availability of a public exploit raises the likelihood of opportunistic attacks. However, the lack of remote attack vector and no requirement for user interaction limit the scope and severity of impact. Organizations relying heavily on xlnt for document processing may face operational downtime or require emergency patching to maintain service continuity.

To mitigate CVE-2026-3665, organizations should first apply any available patches or updates from the xlnt-community project once released. In the absence of patches, restrict local access to systems running software that uses xlnt to trusted users only, minimizing the risk of local exploitation. Implement strict input validation and sandboxing for XLSX file processing to prevent malformed files from causing crashes. Employ application-level monitoring and logging to detect abnormal crashes or denial of service conditions related to XLSX file handling. Consider using alternative XLSX parsing libraries with no known vulnerabilities if patching is not feasible. Educate users about the risks of opening untrusted XLSX files locally, even if the attack does not require user interaction, to reduce exposure. Regularly audit and update third-party libraries to ensure vulnerabilities are addressed promptly. Finally, maintain robust backup and recovery procedures to minimize operational impact in case of service disruption.