CVE-2026-25990

high

Red Hat

CVSS v3 Base Score

7.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.0%

Exploitation probability in 30 days

Top 96% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

Low

Availability

Low

Published: February 11, 2026 (92 days ago)

Last Modified: February 11, 2026

Vendor: Red Hat

Fix Available: ✓ Yes

Description

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

CWE

CWE-787

Affected Products

OpenShift LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)Red Hat Quay 3Red Hat Satellite 6Red Hat AI Inference Server 3.2

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-25990

Vulnerability Report

Description

CWE

Affected Products

Fix Status

References