diff --git a/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch
new file mode 100644
index 0000000000..624c53f49b
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/CVE-2026-25884.patch
@@ -0,0 +1,25 @@
+From cfbe7e48cbfa63b88b3dcf9d99272330f8349c4f Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse
+Date: Sat, 31 Jan 2026 15:31:55 +0000
+Subject: [PATCH] Fix out-of-bounds read.
+
+CVE: CVE-2026-25884
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/5b8f1f4d92b8f27a5a80e0c3d3eb9dce7620d9f1]
+Signed-off-by: Gyorgy Sarvari
+---
+ src/crwimage_int.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/crwimage_int.cpp b/src/crwimage_int.cpp
+index 570de75..8791dbd 100644
+--- a/src/crwimage_int.cpp
++++ b/src/crwimage_int.cpp
+@@ -812,7 +812,7 @@ namespace Exiv2 {
+ Image& image,
+ ByteOrder /*byteOrder*/)
+ {
+- std::string s(reinterpret_cast(ciffComponent.pData()));
++ auto s = std::string(reinterpret_cast(ciffComponent.pData()), ciffComponent.size());
+ image.setComment(s);
+ } // CrwMap::decode0x0805
+
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
index 4700173de4..602ef3910f 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb
@@ -32,6 +32,7 @@ SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source
 file://CVE-2021-37621-2.patch \
 file://CVE-2021-37622-1.patch \
 file://CVE-2021-37622-2.patch \
+ file://CVE-2026-25884.patch \
 "
 SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778"
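Review bot: In the inner hunk for `CrwMap::decode0x0805`, the length-bounded constructor copies all `ciffComponent.size()` bytes, so the string passed to `image.setComment(s)` can now include the terminating NUL and any file-controlled bytes after it, where the removed line stopped at the first NUL. If callers expect the old truncation, add `s = s.substr(0, s.find('\0'));` before `setComment`; this only shortens the already bounded copy. The bound is also only as good as `size()`: this hunk does not show where it is checked against the buffer behind `pData()`, so that validation should be confirmed in the 0.27.3 tree this is backported onto. The function's signature starts outside the hunk.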