CatBoost 1.2.8 Python Wheel Contains Critical Pillow Vulnerabilities (CVSS 9.8)

A critical security flaw has been identified within the widely used CatBoost machine learning library. The specific Python wheel file `catboost-1.2.8-cp39-cp39-manylinux2014_x86_64.whl` contains two vulnerabilities in its bundled Pillow dependency, with the highest severity rated a maximum 9.8 on the CVSS scale. This exposes any project or deployment pipeline that installs this version of CatBoost to potential remote code execution attacks. The vulnerability is not in CatBoost's core code but in the included Pillow image processing library, making it a hidden supply chain risk for data scientists and ML engineers who may assume the package is secure.

The issue stems from the library's dependency chain, where the vulnerable Pillow version (11.3.0) is packaged within the CatBoost wheel. This creates a direct path for exploitation through any image processing functionality the library might use. The vulnerability, tracked as CVE-2026-25990, is classified with 'Critical' severity and has a high Exploit Prediction Scoring System (EPSS) score, indicating a significant probability of active exploitation in the near term. The flaw is reachable within the application context, meaning an attacker could potentially trigger it without needing deep internal access.

This discovery places immediate pressure on development and DevOps teams using CatBoost in production environments. Organizations relying on this library for model training or inference must urgently audit their dependency trees and isolate affected systems. The presence of such a severe, reachable vulnerability in a core AI/ML package underscores the escalating risks within the machine learning software supply chain, where a single compromised dependency can undermine the security of entire data pipelines and deployed models.