CVE-2026-25990

high

Red Hat

CVSS v3 Base Score

7.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Published: February 11, 2026

Last Modified: February 11, 2026

Vendor: Red Hat

Description

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

CWE

CWE-787

Affected Products

OpenShift LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)Red Hat Quay 3Red Hat Satellite 6Red Hat AI Inference Server 3.2

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-25990

Vulnerability Report

Description

CWE

Affected Products

Fix Status

References