PatchSiren cyber security CVE debrief
CVE-2026-45785 openmcdf CVE debrief
CVE-2026-45785 is a denial of service vulnerability in OpenMcdf, a .NET library for Compound File Binary File Format files. The vulnerability is caused by a bug in the DirectoryTree.TryGetDirectoryEntry method that allows an attacker to craft a CFB file that drives an infinite loop, resulting in an unrecoverable denial of service. The bug is reachable from several methods, including RootStorage.OpenStorage, TryOpenStorage, OpenStream, and TryOpenStream. This issue is fixed in version 3.1.4. Users should review official advisories and prioritize patching to mitigate the vulnerability.
- Vendor
- openmcdf
- Product
- Unknown
- CVSS
- MEDIUM 6.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of OpenMcdf library, especially those who handle CFB files from untrusted sources, should be aware of this vulnerability and take steps to mitigate it. This includes validating and sanitizing CFB files, implementing compensating controls, and monitoring for suspicious activity. Affected operators and platforms should prioritize patching and review their vulnerability management processes.
Technical summary
The vulnerability is caused by a bug in the DirectoryTree.TryGetDirectoryEntry method (OpenMcdf/DirectoryTree.cs:35-46) that allows an attacker to craft a CFB file with cyclic Left/Right sibling links among directory entries. This causes the while (child is not null) loop to run forever, resulting in an unrecoverable denial of service. The bug is reachable from RootStorage.OpenStorage(name), TryOpenStorage(name), OpenStream(name), and TryOpenStream(name). The issue is fixed in version 3.1.4, and users should update to this version or later to mitigate the vulnerability.
Defensive priority
High
Recommended defensive actions
- Update to version 3.1.4 or later
- Validate and sanitize CFB files from untrusted sources
- Implement compensating controls to detect and prevent suspicious activity
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
The CVE record was published on 2026-07-17T21:17:06.650Z and has not been modified since then. The NVD entry is currently 6.2 MEDIUM. Limited source detail is available. The OpenMcdf library is used for Compound File Binary File Format files, and the vulnerability affects version 3.1.3 and earlier. Users should verify their deployments and review official advisories for affected scope and vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T21:17:06.650Z and has not been modified since then.