Cyber Resilience

CVE-2026-27168

HighPublic PoC

Published: 21 February 2026

Published
21 February 2026
Modified
02 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0040 31.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-27168 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Sail Sail. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27168 is a heap-based buffer overflow vulnerability affecting all versions of SAIL, a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. The issue arises in the XWD parser, where the bytes_per_line value is read directly from the file and used as the read size in io->strict_read() without any comparison to the size of the destination buffer allocated for image pixels.

An attacker can exploit this vulnerability by providing a malicious XWD file with an arbitrarily large bytes_per_line value, triggering a massive write operation that overflows the heap buffer. The CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that exploitation requires adjacent network access, is low complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability, associated with CWE-122.

The GitHub Security Advisory at https://github.com/HappySeaFox/sail/security/advisories/GHSA-3g38-x2pj-mv55 provides additional details. At the time of publication on 2026-02-21T00:16:16.640, no fix was available for the vulnerability.

EU & UK References

Vulnerability details

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os read directly…

more

from the file as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the buffer heap allocated for the image pixels. The issue did not have a fix at the time of publication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap overflow in image parser directly enables RCE via malicious XWD file against apps using SAIL (T1190/T1203 client/server exploitation or T1204.002 malicious file delivery); AV:A/UI:N fits automated processing contexts.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-50129Same product: Sail Sail
CVE-2025-53085Same product: Sail Sail
CVE-2025-35984Same product: Sail Sail
CVE-2025-46407Same product: Sail Sail
CVE-2025-53510Same product: Sail Sail
CVE-2025-52930Same product: Sail Sail
CVE-2025-52456Same product: Sail Sail
CVE-2025-32468Same product: Sail Sail
CVE-2026-34629Shared CWE-122
CVE-2026-27312Shared CWE-122

Affected Assets

sail
sail
≤ 0.9.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of information inputs like bytes_per_line against destination buffer sizes to prevent heap buffer overflows in the XWD parser.

preventrecover

Directly mandates identification, reporting, and correction of flaws like this unpatched heap buffer overflow in the SAIL library.

prevent

Implements memory safeguards such as heap protections to mitigate unauthorized writes from buffer overflows even if input validation fails.

References