What is the CVSS score of CVE-2026-40493?

CVE-2026-40493 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Sail are affected by CVE-2026-40493?

SAIL image processing library versions prior to commit c930284 contain a critical remote code execution vulnerability in PSD file handling that allows unauthenticated attackers to execute arbitrary…

How to fix or mitigate CVE-2026-40493?

Within 24 hours: Identify all systems and applications using SAIL library and document current versions; restrict PSD file uploads or processing from untrusted sources. Within 7 days: Update SAIL to commit c930284445ea3ff94451ccd7a57c999eca3bc979 or later; verify the update in development and staging environments. Within 30 days: Complete production deployment across all affected systems; implement input validation to reject LAB-mode PSD files if immediate patching is impossible; conduct application log review for exploitation attempts.

Sail CVE-2026-40493

EUVD-2026-23646 CRITICAL

Out-of-bounds Write (CWE-787)

2026-04-18 GitHub_M

Memory Corruption Buffer Overflow Sail

9.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 18, 2026 - 03:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 18, 2026 - 03:22 vuln.today

cvss_changed

Analysis Generated

Apr 18, 2026 - 02:41 vuln.today

EUVD ID Assigned

Apr 18, 2026 - 02:30 euvd

EUVD-2026-23646

Analysis Generated

Apr 18, 2026 - 02:30 vuln.today

CVE Published

Apr 18, 2026 - 01:41 nvd

CRITICAL 9.8

DescriptionGitHub Advisory

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (bpp) from raw header fields channels * depth, but the pixel buffer is allocated based on the resolved pixel format. For LAB mode with channels=3, depth=16, bpp = (3*16+7)/8 = 6, but the format BPP40_CIE_LAB allocates only 5 bytes per pixel. Every pixel write overshoots, causing a deterministic heap buffer overflow on every row. Commit c930284445ea3ff94451ccd7a57c999eca3bc979 contains a patch.

AnalysisAI

Heap buffer overflow in SAIL PSD codec allows remote code execution when processing malicious LAB-mode PSD files. Affects all SAIL versions prior to commit c930284 (HappySeaFox/sail). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Craft LAB-mode PSD file

Delivery

Deliver to SAIL-using application

Exploit

Trigger PSD decode

Install

Buffer overflow on pixel write

Corrupt heap metadata

Execute

Overwrite code pointer

Impact

Execute arbitrary code

Recon

Craft LAB-mode PSD file

Delivery

Deliver to SAIL-using application

Exploit

Trigger PSD decode

Install

Buffer overflow on pixel write

Corrupt heap metadata

Execute

Overwrite code pointer

Impact

Execute arbitrary code

Vulnerability AssessmentAI

Exploitation	Requires target application to use SAIL library for image processing AND process untrusted PSD files via SAIL's PSD codec. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.8 (Critical) reflects maximum exploitability: network-accessible attack vector, low complexity, no authentication or user interaction required, and complete compromise of confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker crafts a malicious PSD file with LAB colorspace (colormode=9), 3 channels, and 16-bit depth. When a victim application using SAIL processes this file (e.g., web service generating thumbnails from user uploads, document converter, image gallery software), the PSD decoder allocates a 5-byte-per-pixel buffer but writes 6 bytes per pixel. …
Remediation	Update SAIL to commit c930284445ea3ff94451ccd7a57c999eca3bc979 or later, available at https://github.com/HappySeaFox/sail/commit/c930284445ea3ff94451ccd7a57c999eca3bc979. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems and applications using SAIL library and document current versions; restrict PSD file uploads or processing from untrusted sources. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-40493 vulnerability details – vuln.today

Back

Sail CVE-2026-40493

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code