Cyber Resilience

CVE-2026-25990

HighUpdated

Published: 11 February 2026

Published
11 February 2026
Modified
30 June 2026
KEV Added
Patch
12 February 2026
CVSS Score v4 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0037 28.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-25990 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Python Pillow. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Computer Vision; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-2 (Baseline Configuration).

Deeper analysis

CVE-2026-25990 is an out-of-bounds write vulnerability (CWE-787) in Pillow, a Python imaging library. It affects versions from 10.3.0 up to but not including 12.1.1 and can be triggered by loading a specially crafted PSD image. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high availability impact with no confidentiality or integrity effects.

Any remote attacker can exploit this vulnerability without privileges or user interaction by supplying a malicious PSD image to a vulnerable application using Pillow for image processing. Exploitation leads to an out-of-bounds write, typically resulting in denial-of-service via application crash or memory corruption.

Pillow version 12.1.1 resolves the vulnerability through a specific commit at https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa. Further details appear in the project's GitHub security advisory at https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc and an oss-security mailing list post at http://www.openwall.com/lists/oss-security/2026/02/12/1. Mitigation requires updating to Pillow 12.1.1 or later.

EU & UK References

Vulnerability details

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

CWE(s)

AI Security AnalysisAI

AI Category
Computer Vision
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: pillow

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

OOB write in remote image-processing library (PSD) directly enables remote exploitation of public-facing apps (T1190) to trigger application DoS via crafted input (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40192Same product: Python Pillow
CVE-2025-25901Shared CWE-787
CVE-2025-32008Shared CWE-787
CVE-2026-27664Shared CWE-787
CVE-2024-13166Shared CWE-787
CVE-2019-25654Shared CWE-787
CVE-2024-24423Shared CWE-787
CVE-2024-13165Shared CWE-787
CVE-2025-25898Shared CWE-787
CVE-2026-26740Shared CWE-787

Affected Assets

python
pillow
10.3.0 — 12.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of identified flaws such as the out-of-bounds write in Pillow by installing the fixed version 12.1.1.

detect

Requires scanning to discover vulnerable Pillow versions (10.3.0–12.1.0) that can be exploited by malicious PSD images.

prevent

Establishes approved software baselines that include only patched Pillow releases, preventing use of the vulnerable library.

References