Policy Bypass Vulnerability in ImageMagick by ImageMagick
CVE-2026-56377
4.8MEDIUM
What is CVE-2026-56377?
ImageMagick versions prior to 7.1.2-24 exhibit a flaw in their policy checks that can be exploited by remote attackers. This vulnerability allows attackers to circumvent path restrictions in sandboxed conversion services, enabling them to create or modify files outside the designated security boundaries. As a result, unauthorized file access can occur, posing serious security risks to systems using this version of ImageMagick.
Affected Version(s)
ImageMagick 0 < 7.1.2-24
ImageMagick 0 < 6.9.13-48
ImageMagick 7.1.2-24