PatchSiren

openmcdf CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM openmcdf CVE published 2026-07-17

CVE-2026-45785

CVE-2026-45785 is a denial of service vulnerability in OpenMcdf, a .NET library for Compound File Binary File Format files. The vulnerability is caused by a bug in the DirectoryTree.TryGetDirectoryEntry method that allows an attacker to craft a CFB file that drives an infinite loop, resulting in an unrecoverable denial of service. The bug is reachable from several methods, including RootStorage.OpenStorag [truncated]