Policy Check Vulnerability in ImageMagick Software by ImageMagick
CVE-2026-55628

5.5MEDIUM

Key Information:

Vendor
CVE Published:
1 July 2026

What is CVE-2026-55628?

In versions prior to 7.1.2-26he of ImageMagick, the implementation of the -concatenate operation lacked proper policy checks. This oversight allowed unauthorized reading and writing to paths that should have been restricted according to the security policy. Users are advised to update to version 7.1.2-26 or later to mitigate this risk and enhance their system's security.

Affected Version(s)

ImageMagick < 7.1.2-26

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.