CVE-2026-55798
Undergoing Analysis Undergoing Analysis - In Progress

Path Traversal in Pillow Image Library

Vulnerability report for CVE-2026-55798, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen(..., shell=True), allowing shell metacharacters in the file path to inject arbitrary cmd.exe commands. This issue is fixed in version 12.3.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
python pillow to 12.3.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-55798 is an OS command injection vulnerability in the Python Pillow library's WindowsViewer.get_command() method. The method constructs a cmd.exe shell command by embedding a file path directly into an f-string without escaping special shell characters. Because subprocess.Popen is called with shell=True, this allows an attacker to inject arbitrary commands by including shell metacharacters like double quotes and ampersands in the file path.

This vulnerability arises from the lack of proper sanitization or escaping of the file path before passing it to the shell command, unlike the macOS and Linux equivalents which use shlex.quote() to prevent injection.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands on the system where the vulnerable Pillow library is used, but only if the attacker can control the file path passed to WindowsViewer.get_command().

Because the attack requires local access (attack vector is local) and user interaction, the risk is moderate. However, successful exploitation could lead to unauthorized command execution, potentially compromising confidentiality, integrity, and availability of the affected system.

Detection Guidance

This vulnerability can be detected by checking if the Pillow library version in use is prior to 12.3.0, as versions up to 12.2.0 are affected.

Additionally, detection can involve testing if the WindowsViewer.get_command() method improperly handles file paths containing shell metacharacters such as double quotes or ampersands, which could lead to command injection.

A practical approach is to attempt to invoke the vulnerable method with a crafted file path containing shell metacharacters and observe if arbitrary commands are executed.

Since the vulnerability involves subprocess.Popen with shell=True, monitoring for suspicious command executions involving cmd.exe with unusual arguments or injected commands can also help detect exploitation attempts.

No specific detection commands are provided in the resources, but you can check the Pillow version installed using the following Python command:

  • python -c "import PIL; print(PIL.__version__)"

If the version is less than 12.3.0, the system is vulnerable.

Mitigation Strategies

The immediate mitigation step is to upgrade the Pillow library to version 12.3.0 or later, where the vulnerability is fixed.

The fix involves adding validation in the WindowsViewer.get_command() method to reject file paths containing double quotes and avoiding the use of shell=True with unescaped input.

If upgrading is not immediately possible, avoid passing untrusted or user-controlled file paths to the WindowsViewer.get_command() method or any functionality that invokes subprocess.Popen with shell=True.

Additionally, consider applying input validation or sanitization to file paths to prevent shell metacharacters from being processed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55798. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart