CVE-2026-3665 is a vulnerability identified in the xlnt-community xlnt library, specifically affecting versions 1.6.0 and 1.6.1. The flaw exists in the XLSX file parser component, within the function xlnt::detail::xlsx_consumer::read_office_document, located in the source/detail/serialization/xlsx_consumer.cpp file. The vulnerability manifests as a null pointer dereference, which occurs when the function attempts to access or manipulate memory through a pointer that has not been properly initialized or has been set to null. This leads to an application crash or denial of service when processing specially crafted XLSX files. The attack vector is local, requiring the attacker to have low-level privileges on the target system, and no user interaction is necessary to trigger the vulnerability. The CVSS 4.8 score reflects medium severity, considering the limited attack surface and impact scope. Although an exploit is publicly available, there are no reports of active exploitation in the wild. The vulnerability does not allow privilege escalation, remote code execution, or data confidentiality breaches but can disrupt services relying on the xlnt library for XLSX file handling. The root cause is improper input validation or error handling in the XLSX parsing logic, which should be addressed by the vendor in future patches.

The primary impact of CVE-2026-3665 is denial of service due to application crashes when processing malicious XLSX files. Organizations that use the xlnt library for XLSX file parsing in local applications or services may experience instability or downtime if exposed to crafted files. This can disrupt workflows, especially in environments where automated XLSX processing is critical. Since exploitation requires local access and low privileges, the risk is somewhat contained within internal threat actors or compromised users. There is no direct risk of data exfiltration or remote code execution, limiting the severity to availability concerns. However, in high-availability or critical systems relying on xlnt, repeated crashes could lead to operational disruptions. The lack of known exploits in the wild reduces immediate threat but does not eliminate future risk. Overall, the impact is moderate but should not be ignored in sensitive or production environments.

To mitigate CVE-2026-3665, organizations should first verify if they are using xlnt versions 1.6.0 or 1.6.1 and plan to upgrade to a patched version once available. In the absence of an official patch, consider applying source code fixes that add null pointer checks and improve error handling in the xlsx_consumer.cpp file, particularly in the read_office_document function. Restrict local access to systems running applications that utilize xlnt to trusted users only, minimizing the risk of local exploitation. Implement application-level sandboxing or process isolation to contain potential crashes and prevent cascading failures. Monitor logs for abnormal application terminations related to XLSX file processing. Additionally, validate and sanitize XLSX files before processing, using alternative libraries or tools if necessary. Engage with the xlnt-community for updates and security advisories. Finally, incorporate this vulnerability into vulnerability management and incident response plans to ensure timely detection and remediation.