PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45785 openmcdf CVE debrief

CVE-2026-45785 is a denial of service vulnerability in OpenMcdf, a .NET library for Compound File Binary File Format files. The vulnerability is caused by a bug in the DirectoryTree.TryGetDirectoryEntry method that allows an attacker to craft a CFB file that drives an infinite loop, resulting in an unrecoverable denial of service. The bug is reachable from several methods, including RootStorage.OpenStorage, TryOpenStorage, OpenStream, and TryOpenStream. This issue is fixed in version 3.1.4. Users should review official advisories and prioritize patching to mitigate the vulnerability.

Vendor
openmcdf
Product
Unknown
CVSS
MEDIUM 6.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of OpenMcdf library, especially those who handle CFB files from untrusted sources, should be aware of this vulnerability and take steps to mitigate it. This includes validating and sanitizing CFB files, implementing compensating controls, and monitoring for suspicious activity. Affected operators and platforms should prioritize patching and review their vulnerability management processes.

Technical summary

The vulnerability is caused by a bug in the DirectoryTree.TryGetDirectoryEntry method (OpenMcdf/DirectoryTree.cs:35-46) that allows an attacker to craft a CFB file with cyclic Left/Right sibling links among directory entries. This causes the while (child is not null) loop to run forever, resulting in an unrecoverable denial of service. The bug is reachable from RootStorage.OpenStorage(name), TryOpenStorage(name), OpenStream(name), and TryOpenStream(name). The issue is fixed in version 3.1.4, and users should update to this version or later to mitigate the vulnerability.

Defensive priority

High

Recommended defensive actions

  • Update to version 3.1.4 or later
  • Validate and sanitize CFB files from untrusted sources
  • Implement compensating controls to detect and prevent suspicious activity
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-07-17T21:17:06.650Z and has not been modified since then. The NVD entry is currently 6.2 MEDIUM. Limited source detail is available. The OpenMcdf library is used for Compound File Binary File Format files, and the vulnerability affects version 3.1.3 and earlier. Users should verify their deployments and review official advisories for affected scope and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T21:17:06.650Z and has not been modified since then.