diff --git a/SPECS/gdk-pixbuf2/CVE-2026-5201.patch b/SPECS/gdk-pixbuf2/CVE-2026-5201.patch
new file mode 100644
index 00000000000..7041b24d473
--- /dev/null
+++ b/SPECS/gdk-pixbuf2/CVE-2026-5201.patch
@@ -0,0 +1,42 @@
+From f383ab973aaa87107a19f267284f37070ded639b Mon Sep 17 00:00:00 2001
+From: Matthias Clasen
+Date: Mon, 30 Mar 2026 12:21:56 -0400
+Subject: [PATCH] jpeg: Reject unsupported number of components
+
+This condition was already checked for incremental loading.
+This commit adds the same check in the nonincremental
+code path.
+
+Closes: #304
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6455d640576743e35f79928bffea97a7ac1c241f.patch
+---
+ gdk-pixbuf/io-jpeg.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
+index 9ee1d21..60ad0d0 100644
+--- a/gdk-pixbuf/io-jpeg.c
++++ b/gdk-pixbuf/io-jpeg.c
+@@ -625,6 +625,18 @@ gdk_pixbuf__real_jpeg_image_load (FILE *f, struct jpeg_decompress_struct *cinfo,
+ cinfo->do_fancy_upsampling = FALSE;
+ cinfo->do_block_smoothing = FALSE;
+
++ /* Reject unsupported component counts */
++ if (cinfo->output_components != 3 && cinfo->output_components != 4 &&
++ !(cinfo->output_components == 1 &&
++ cinfo->out_color_space == JCS_GRAYSCALE)) {
++ g_set_error (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("Unsupported number of color components (%d)"),
++ cinfo->output_components);
++ goto out;
++ }
++
+ pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB,
+ cinfo->out_color_components == 4 ? TRUE : FALSE,
+ 8,
+--
+2.45.4
+
diff --git a/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec b/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
index f0e7daa2270..88244b92962 100644
--- a/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
+++ b/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
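Review bot: The new guard in gdk_pixbuf__real_jpeg_image_load validates `cinfo->output_components`, but the `gdk_pixbuf_new` call directly below it still derives the alpha flag from `cinfo->out_color_components == 4`; libjpeg keeps these as separate fields, and they hold the same value only when colour quantisation is off. Either test the field the allocation actually uses, or state the invariant next to the check, for example `/* quantize_colors is never set here, so output_components == out_color_components */` (to be confirmed against the rest of the function, which starts and ends outside the hunk). The commit message says the same condition already exists in the incremental loader; keeping two copies is how the paths diverged, so a single static helper called from both would stop them drifting again. The comment `/* Reject unsupported component counts */` should also say what the check protects, presumably the row-conversion code that assumes 1, 3 or 4 bytes per pixel. The diffstat lists only io-jpeg.c, so no regression sample accompanies the backport.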
@@ -2,7 +2,7 @@
 Summary: An image loading library
 Name: gdk-pixbuf2
 Version: 2.42.10
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: LGPLv2+
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -11,6 +11,7 @@ Source0: https://download.gnome.org/sources/gdk-pixbuf/2.42/gdk-pixbuf-%{
 Patch0: CVE-2022-48622.patch
 Patch1: CVE-2025-6199.patch
 Patch2: CVE-2025-7345.patch
+Patch3: CVE-2026-5201.patch
 BuildRequires: %{_bindir}/rst2man
 BuildRequires: gettext
 BuildRequires: libjpeg-devel
@@ -117,6 +118,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %{_datadir}/installed-tests
 %changelog
+* Wed Apr 01 2026 Azure Linux Security Servicing Account - 2.42.10-5
+- Patch for CVE-2026-5201
+
 * Mon Jul 14 2025 Azure Linux Security Servicing Account - 2.42.10-4
 - Patch for CVE-2025-7345