CVE-2026-41511EPSS p8.4%

CVE-2026-41511CVE-2026-41511

openmcdf / openmcdf

Description

OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary (CFB) document. A crafted CFB file with a cycle in the LeftSiblingID / RightSiblingID chain causes Storage.EnumerateEntries() and Storage.OpenStream() to loop indefinitely, consuming the calling thread with no possibility of recovery via try/catch. This issue has been patched in version 3.1.3.

Scoring

CVSS 6.2 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS0.19% probability of exploitation · percentile 8.4% · 2026-06-19T12:03:05Z
Last modified2026-06-05

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-42481
CVE
CVE-2026-31598
CVE
CVE-2025-46411
CVE
CVE-2026-31597
CVE
CVE-2026-42480
CVE
CVE-2025-53511
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.