diff --git a/giflib-5.2.1-cve-2026-26740.patch b/giflib-5.2.1-cve-2026-26740.patch
new file mode 100644
index 0000000..5d79032
--- /dev/null
+++ b/giflib-5.2.1-cve-2026-26740.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/egif_lib.c b/lib/egif_lib.c
+index 6219af0..5fb458f 100644
+--- a/lib/egif_lib.c
++++ b/lib/egif_lib.c
+@@ -689,6 +689,8 @@ int EGifGCBToSavedExtension(const GraphicsControlBlock *GCB,
+     for (i = 0; i < GifFile->SavedImages[ImageIndex].ExtensionBlockCount; i++) {
+ 	ExtensionBlock *ep = &GifFile->SavedImages[ImageIndex].ExtensionBlocks[i];
+ 	if (ep->Function == GRAPHICS_EXT_FUNC_CODE) {
++	    if (ep->ByteCount != 4)
++		return GIF_ERROR;
+ 	    EGifGCBToExtension(GCB, ep->Bytes);
+ 	    return GIF_OK;
+ 	}
diff --git a/giflib.spec b/giflib.spec
index 3c3950b..dd73ba5 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -1,7 +1,7 @@
 Name:          giflib
 Summary:       A library and utilities for processing GIFs
 Version:       5.1.4
-Release:       4%{?dist}
+Release:       5%{?dist}
 
 License:       MIT
 URL:           http://www.sourceforge.net/projects/%{name}/
@@ -12,6 +12,9 @@ Patch1:        giflib-5.1.4-html-docs-consistent-ids.patch
 # from upstream, for <= 6.1.1, RHEL-154853
 # https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/
 Patch2:        giflib-5.1.8-cve-2026-23868.patch
+Patch3:        giflib-5.2.1-cve-2026-26740.patch
+# sent upstream, RHEL-157097
+# https://sourceforge.net/p/giflib/bugs/199/
 
 BuildRequires: autoconf automake libtool
 BuildRequires: gcc
@@ -82,6 +85,9 @@ rm -f doc/Makefile*
 
 
 %changelog
+* Mon Jun 08 2026 Michal Hlavinka <mhlavink@redhat.com> - 5.1.4-5
+- fix CVE-2026-26740: buffer overflow in EGifGCBToExtension (RHEL-157097)
+
 * Tue Mar 24 2026 Michal Hlavinka <mhlavink@redhat.com> - 5.1.4-4
 - fix CVE-2026-23868: double free in GifMakeSavedImage (RHEL-154853)