CVE-2026-61858
LOW SEVERITYCVSS Score & Metrics
Base Score
3.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Description
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-59
Source
NVD
Vendor
ImageMagick
Product
ImageMagick
Discussion (0)
Add Comment
No comments yet. Be the first!