Back to CVE List

CVE-2026-61858

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-59
Source
NVD
Vendor
ImageMagick
Product
ImageMagick

External References

Discussion (0)

Add Comment

No comments yet. Be the first!