CVE-2026-8813
Published: 19 May 2026
Summary
CVE-2026-8813 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Snyk (inferred from references). Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 36.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-30838
Vulnerability details
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.
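A bounds-checked parse of the ICC mluc structure described above, as an added example; it is not ExifReader's code or its fix. The field layout follows the ICC specification's multiLocalizedUnicodeType; `parseMluc`, `buildSampleMluc` and the `MAX_RECORDS` cap are hypothetical names and values chosen for illustration.

```javascript
// Added example, not ExifReader source. Layout per the ICC spec's
// multiLocalizedUnicodeType: 'mluc', 4 reserved bytes, uint32 record count,
// uint32 record size (12), then 12-byte records; all fields big-endian.
const MLUC_RECORD_SIZE = 12;
const MAX_RECORDS = 1024; // assumed application limit, not from the spec

function parseMluc(view) {
  if (view.byteLength < 16) throw new RangeError('mluc: truncated header');
  const sig = String.fromCharCode(view.getUint8(0), view.getUint8(1), view.getUint8(2), view.getUint8(3));
  if (sig !== 'mluc') throw new TypeError('mluc: bad signature');
  const count = view.getUint32(8);
  const recordSize = view.getUint32(12);
  // A record size of 0 would make every iteration re-read the same bytes.
  if (recordSize < MLUC_RECORD_SIZE) throw new RangeError('mluc: record size ' + recordSize);
  // The count must fit in the bytes actually present, and stay under the cap.
  const maxByData = Math.floor((view.byteLength - 16) / recordSize);
  if (count > maxByData || count > MAX_RECORDS) throw new RangeError('mluc: record count ' + count);
  const entries = [];
  for (let i = 0; i < count; i++) {
    const rec = 16 + i * recordSize;
    const length = view.getUint32(rec + 4);
    const offset = view.getUint32(rec + 8); // measured from the start of the tag
    if (length % 2 !== 0 || offset + length > view.byteLength) throw new RangeError('mluc: string out of bounds');
    let text = '';
    for (let p = offset; p < offset + length; p += 2) text += String.fromCharCode(view.getUint16(p));
    entries.push({
      language: String.fromCharCode(view.getUint8(rec), view.getUint8(rec + 1)),
      country: String.fromCharCode(view.getUint8(rec + 2), view.getUint8(rec + 3)),
      text,
    });
  }
  return entries;
}

// Constructed sample tag: one en/US record; count and recordSize can be
// overridden to produce header values the parser must reject.
function buildSampleMluc(text, count = 1, recordSize = MLUC_RECORD_SIZE) {
  const view = new DataView(new ArrayBuffer(28 + text.length * 2));
  [...'mluc'].forEach((c, i) => view.setUint8(i, c.charCodeAt(0)));
  view.setUint32(8, count);
  view.setUint32(12, recordSize);
  [...'enUS'].forEach((c, i) => view.setUint8(16 + i, c.charCodeAt(0)));
  view.setUint32(20, text.length * 2);
  view.setUint32(24, 28);
  [...text].forEach((c, i) => view.setUint16(28 + i * 2, c.charCodeAt(0)));
  return view;
}
```

Both checks run before the loop allocates anything, so a rejected header costs a fixed amount of work regardless of the declared count.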
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Crafted image triggers unbounded memory growth in image parser, enabling application-layer DoS via exploitation of the parsing routine.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.