Policy Bypass Vulnerability in ImageMagick by ImageMagick
CVE-2026-56377

4.8MEDIUM

Key Information:

Vendor
CVE Published:
30 June 2026

What is CVE-2026-56377?

ImageMagick versions prior to 7.1.2-24 exhibit a flaw in their policy checks that can be exploited by remote attackers. This vulnerability allows attackers to circumvent path restrictions in sandboxed conversion services, enabling them to create or modify files outside the designated security boundaries. As a result, unauthorized file access can occur, posing serious security risks to systems using this version of ImageMagick.

Affected Version(s)

ImageMagick 0 < 7.1.2-24

ImageMagick 0 < 6.9.13-48

ImageMagick 7.1.2-24

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sondt99
.