Cyber Resilience

CVE-2026-40192

Tags: High · DDoS · Updated

Published: 15 April 2026
Modified: 30 June 2026
KEV Added: not listed
Patch: available (Pillow 12.2.0)
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0049 (38.1st percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-40192 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Python Pillow. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). EPSS ranks the CVE at the 38.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is classed as AI-related: AI category Computer Vision, risk domain Data-Related Vulnerabilities.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-40192 affects Pillow, a widely used Python imaging library, specifically versions 10.3.0 through 12.1.1. The vulnerability stems from a lack of limits on the amount of GZIP-compressed data read during the decoding of FITS images, enabling decompression bomb attacks. This flaw, classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-770 (Allocation of Resources Without Limits or Throttling), allows a specially crafted FITS file to trigger unbounded memory consumption, resulting in denial of service through out-of-memory crashes or severe performance degradation. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Attackers can exploit this vulnerability remotely without authentication or user interaction by delivering a malicious FITS file to a vulnerable Pillow installation. Any application or service processing untrusted FITS images—such as astronomical data pipelines, image viewers, or web services handling scientific imagery—is at risk. Successful exploitation leads to resource exhaustion, potentially crashing the affected process or host, though no confidentiality or integrity impacts are possible.

Pillow advisories and release notes recommend upgrading to version 12.2.0 or later, where the commit (3cb854e8b2bab43f40e342e665f9340d861aa628) and pull request (#9521) implement limits on GZIP decompression for FITS files. As a temporary workaround, users unable to upgrade immediately should restrict image processing to exclude FITS format when handling untrusted inputs. Details are available in the GitHub security advisory (GHSA-whj4-6x5x-4v2j) and Pillow 12.2.0 release notes.

Vulnerability details

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.
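The workaround given in the deeper analysis and in the vulnerability details (open only specific, expected image formats and keep FITS out of untrusted paths) as a concrete input gate. This is an added example, not Pillow's code and not taken from the advisory; the allowlist, the helper names and the sample bytes are this example's own assumptions. It relies on two facts about Pillow: its FITS plugin claims any input whose first six bytes are `SIMPLE`, and `Image.open()` accepts a `formats=` allowlist in the affected versions. The gate itself runs without Pillow; only the final decode step imports it.

```python
"""Input gate implementing the advisory's workaround for CVE-2026-40192:
refuse FITS from untrusted sources and let Pillow try only allowlisted formats.
Added example; not Pillow's code and not from the advisory."""
from __future__ import annotations

import io
import struct
import zlib

# Pillow's FITS plugin claims any input whose first six bytes are b"SIMPLE"
# (the mandatory first FITS header keyword); the gate uses the same prefix so
# it refuses exactly what Pillow would hand to the FITS decoder.
FITS_PREFIX = b"SIMPLE"

# Formats this service accepts from untrusted input, keyed by Pillow format
# name, with each file signature. Constructed allowlist for this example.
ALLOWED_MAGIC = {
    "PNG": b"\x89PNG\r\n\x1a\n",
    "JPEG": b"\xff\xd8\xff",
    "GIF": b"GIF8",
}


def is_fits(data: bytes) -> bool:
    """True if Pillow would route these bytes to its FITS decoder."""
    return data.startswith(FITS_PREFIX)


def classify(data: bytes) -> str:
    """Name the format from the leading bytes: "FITS", an allowlisted name, or "unknown"."""
    if is_fits(data):
        return "FITS"
    for name, magic in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def gate(data: bytes) -> tuple[bool, str]:
    """Decide whether untrusted bytes may reach a decoder: (allowed, format or reason)."""
    kind = classify(data)
    if kind == "FITS":
        return False, "FITS refused (CVE-2026-40192 workaround; upgrade to Pillow 12.2.0 or later)"
    if kind == "unknown":
        return False, "format not on the allowlist"
    return True, kind


def open_untrusted(data: bytes):
    """Open untrusted image bytes with Pillow, or raise ValueError if the gate refuses them.

    Pillow's own formats= allowlist is passed as well, so even if the sniff
    were fooled no plugin outside ALLOWED_MAGIC (FITS included) is attempted.
    """
    allowed, info = gate(data)
    if not allowed:
        raise ValueError(info)
    from PIL import Image  # imported lazily: the gate itself does not need Pillow
    return Image.open(io.BytesIO(data), formats=list(ALLOWED_MAGIC))


# Constructed sample inputs below (not real files from anywhere).
def fits_card(keyword: str, value: str) -> bytes:
    """Build one 80-byte FITS header card."""
    return f"{keyword:<8}= {value:>20}".ljust(80).encode("ascii")


def png_chunk(tag: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC-32 over type+data."""
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", zlib.crc32(tag + body))


FITS_SAMPLE = (fits_card("SIMPLE", "T") + fits_card("BITPIX", "8")
               + fits_card("NAXIS", "0") + b"END".ljust(80))
PNG_SAMPLE = (ALLOWED_MAGIC["PNG"]
              + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))  # 1x1, 8-bit grey
              + png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))  # filter byte + one pixel
              + png_chunk(b"IEND", b""))

if __name__ == "__main__":
    for label, blob in (("fits", FITS_SAMPLE), ("png", PNG_SAMPLE)):
        try:
            img = open_untrusted(blob)
            print(label, "accepted:", img.format, img.size)
        except ValueError as exc:
            print(label, "refused:", exc)
        except ImportError:
            print(label, "passed the gate; Pillow not installed, so decoding was skipped")
```

The gate is a stop-gap at the trust boundary, not a replacement for the 12.2.0 upgrade: it keeps FITS away from the vulnerable decoder on unpatched hosts and doubles as a cheap place to log refused uploads, but the two layers (signature sniff plus `formats=`) exist so that a single misclassification does not route untrusted bytes into a plugin the service never intended to expose.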

CWE(s): CWE-400 (Uncontrolled Resource Consumption), CWE-770 (Allocation of Resources Without Limits or Throttling)

AI Security Analysis (AI-generated)

AI Category: Computer Vision
Risk Domain: Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: pillow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability enables remote exploitation of image processing library for endpoint DoS via crafted FITS file causing unbounded memory consumption (application/system exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25990: same product (Python Pillow)
CVE-2026-21441: same vendor (Python)
CVE-2026-41309: shared CWE-400, CWE-770
CVE-2026-44240: shared CWE-400, CWE-770
CVE-2026-22815: shared CWE-400, CWE-770
CVE-2026-25140: shared CWE-400, CWE-770
CVE-2026-34148: shared CWE-400, CWE-770
CVE-2026-42583: shared CWE-400, CWE-770
CVE-2026-34826: shared CWE-400, CWE-770
CVE-2025-68272: shared CWE-400, CWE-770

Affected Assets

Vendor: python
Product: pillow
Versions: 10.3.0 — 12.2.0

Mitigating Controls (NIST 800-53 r5, AI-generated)

SI-2 Flaw Remediation (prevent): Directly mitigates the vulnerability by requiring timely remediation through upgrading Pillow to version 12.2.0 or later, which implements GZIP decompression limits for FITS images.

SC-5 Denial-of-service Protection (prevent): Protects against denial-of-service attacks like this decompression bomb by implementing resource controls to limit memory consumption from unbounded GZIP data in malicious FITS files.

(prevent): Reduces attack surface by configuring systems to disable or restrict nonessential image processing capabilities, such as FITS format handling for untrusted inputs, as a workaround.