Cyber Posture

CVE-2026-27596

Severity: High
Published: 02 March 2026
Modified: 05 March 2026
KEV Added: not listed
Patch: fixed in 0.28.8
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (18.9th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27596 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Exiv2 (vendor: Exiv2). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 18.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

An out-of-bounds read in the Exiv2 preview component causes an application crash (denial of service) when a malicious image is processed via the CLI; this directly matches the Application or System Exploitation sub-technique for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.

Deeper analysis

CVE-2026-27596 is an out-of-bounds read vulnerability (CWE-125, CWE-191) in the preview component of Exiv2, a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC image metadata. The flaw affects Exiv2 versions prior to 0.28.8 and manifests as a read operation at a 4GB offset, which typically results in a crash.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over a network with low complexity, no privileges, and no user interaction. Attackers can trigger it by supplying a malicious image file to a target system running the Exiv2 command-line utility with a specific argument such as -pp, achieving denial-of-service through application termination.

Exiv2 developers patched the issue in version 0.28.8. Official references include the fixing commit at https://github.com/Exiv2/exiv2/commit/eaa9e21aabe06b3f91cfe66686f5ebc3ca3c0ed4, the issue report at https://github.com/Exiv2/exiv2/issues/3511, the pull request at https://github.com/Exiv2/exiv2/pull/3512, and the security advisory at https://github.com/Exiv2/exiv2/security/advisories/GHSA-3wgv-fg4w-75x7.
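The CWE-125/CWE-191 pairing above describes the classic failure mode behind a read at a far-out offset: an offset-plus-size bounds check whose arithmetic wraps before the comparison happens. The following is an added illustration, not Exiv2's code; it models the pattern with a constructed 64-byte buffer and hypothetical helper names, showing a naive check that a wrapped offset slips past beside the hardened form a parser should use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 64-byte metadata buffer that a preview entry
 * (offset, size) is supposed to point into. Not Exiv2's real layout. */
#define SAMPLE_LEN 64u
static uint8_t sample_buf[SAMPLE_LEN];

/* Naive check: the sum is computed in 32 bits, so an offset near
 * UINT32_MAX wraps (CWE-191) and a huge offset passes as "in bounds". */
bool naive_in_bounds(uint32_t offset, uint32_t size, uint32_t buf_len) {
    return (uint32_t)(offset + size) <= buf_len;
}

/* Hardened check: compare before any arithmetic that could wrap. */
bool safe_in_bounds(uint32_t offset, uint32_t size, uint32_t buf_len) {
    if (offset > buf_len) return false;
    return size <= buf_len - offset;   /* subtraction cannot underflow here */
}

/* Simulated preview extraction: copies `size` bytes from `offset` into
 * `out` when the range is valid. Returns bytes copied, or -1 if rejected. */
long read_preview(const uint8_t *buf, uint32_t buf_len, uint32_t offset,
                  uint32_t size, uint8_t *out, size_t out_len) {
    if (!safe_in_bounds(offset, size, buf_len) || size > out_len) return -1;
    memcpy(out, buf + offset, size);
    return (long)size;
}

/* Convenience wrapper over the constructed buffer; returns read_preview's result. */
long demo_read(uint32_t offset, uint32_t size) {
    uint8_t out[16];
    return read_preview(sample_buf, SAMPLE_LEN, offset, size, out, sizeof out);
}

int main(void) {
    /* A far-out offset that the naive check accepts and the safe one rejects. */
    uint32_t bad_off = 0xFFFFFFF0u, sz = 0x20u;
    printf("naive: %d  safe: %d  read: %ld\n",
           naive_in_bounds(bad_off, sz, SAMPLE_LEN),
           safe_in_bounds(bad_off, sz, SAMPLE_LEN),
           demo_read(bad_off, sz));
    printf("valid range read: %ld\n", demo_read(60, 4));
    return 0;
}
```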

Details

CWE(s): CWE-125, CWE-191

Affected Products

Vendor: exiv2 · Product: exiv2 · Version: ≤ 0.28.8

CVEs Like This One

CVE-2026-25884 (same product: Exiv2)
CVE-2025-26623 (same product: Exiv2)
CVE-2026-34064 (shared CWE-191)
CVE-2025-0727 (shared CWE-191)
CVE-2025-0612 (shared CWE-125)
CVE-2026-25942 (shared CWE-125)
CVE-2026-25627 (shared CWE-125)
CVE-2026-3631 (shared CWE-125)
CVE-2024-50600 (shared CWE-125)
CVE-2026-40386 (shared CWE-191)
