What is CVE-2026-42216?

CVE-2026-42216 is a critical-severity vulnerability in Academysoftwarefoundation Openexr, classified under Out-of-bounds Read. CVSS score: 9.1/10. Published 2026-05-07.

How severe is CVE-2026-42216?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Out-of-bounds Read in Academysoftwarefoundation Openexr

CVE-2026-42216

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDMan…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (18.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

Affected products

Academysoftwarefoundation Openexr — versions >= 3.0.0, < 3.2.9, >= 3.3.0, < 3.3.11, >= 3.4.0, < 3.4.11
Openexr

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-65j8-95g9-jgj4 (x_refsource_CONFIRM, Exploit, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-42216?: CVE-2026-42216 is a critical-severity vulnerability in Academysoftwarefoundation Openexr, classified under Out-of-bounds Read. CVSS score: 9.1/10. Published 2026-05-07.
How severe is CVE-2026-42216?: Critical severity. CVSS v3 base score is 9.1 out of 10.