Is psd-tools affected by CVE-2026-27809?

PyPI psd-tools is affected in <1.12.2.

Is CVE-2026-27809 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

medium

CVE-2026-27809

Q: Is CVE-2026-27809 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

PyPI · psd-tools

Summary

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Severity: medium
EPSS: 0.4% (p32)
Also known as: GHSA-24p2-j2jr-386w
Published: 2026-02-26

References

https://github.com/psd-tools/psd-tools/security/advisories/GHSA-24p2-j2jr-386w
https://nvd.nist.gov/vuln/detail/CVE-2026-27809
https://github.com/psd-tools/psd-tools/commit/6c0a78f195b5942757886a1863793fd5946c1fb1

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.