CVE-2026-25990 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
python	pillow	10.3.0 ≤ 𝑥 < 12.1.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pillow

bookworm	9.4.0-1.1+deb12u1 fixed
bookworm (security)	9.4.0-1.1+deb12u1 fixed
bullseye	8.1.2+dfsg-0.3+deb11u2 fixed
bullseye (security)	8.1.2+dfsg-0.3+deb11u3 fixed
forky	12.2.0-1 fixed
sid	12.2.0-1 fixed
trixie	11.1.0-5+deb13u2 fixed
trixie (security)	11.1.0-5+deb13u2 fixed

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] Red Hat Ansible Automation Platform: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuführen.
Published: 2026-03-31T22:00:00+00:00

References

https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa

https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc

http://www.openwall.com/lists/oss-security/2026/02/12/1