CVE-2026-40192High· 7.5▾ TwilightPillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file coul…
▾ Twilight zone — High severity, or a signal on a lesser flaw
impact 41.3 · likelihood 0.1 · exploitation 0
The latest CVEs are free to read. CVE-2026-40192 is outside the free window — sign in (free) to view the full technical detail, affected versions, references, and raw markdown.