Command Injection Vulnerability in ImageMagick by ImageMagick
CVE-2026-56379

Key Information:

Vendor
CVE Published: 23 June 2026

What is CVE-2026-56379?

A command injection vulnerability exists in the SVG decoder of ImageMagick in versions prior to 7.1.2-15 and 6.9.13-40. The flaw allows an attacker to craft malicious SVG files that contain injected Magick Vector Graphics (MVG) commands. When these SVG files are rendered, the injected commands can be executed, potentially compromising the host system. This poses serious security risks, as attackers can manipulate graphics rendering functions to execute arbitrary commands, leading to unauthorized access or data breaches.

Affected Version(s)

ImageMagick 0 < 7.1.2-15

ImageMagick 0 < 6.9.13-40

ImageMagick 7.1.2-15
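
A version check against the fixed releases named in the description, as an added example (not code from ImageMagick or from this advisory). It follows the description's "prior to" wording, so 7.1.2-15 and 6.9.13-40 count as fixed; the sample banners are constructed and only mimic the first line of `magick -version` output.

```python
import re

# Fixed releases per branch, from the advisory text: prior to 7.1.2-15 / 6.9.13-40.
FIXED = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# Matches the "ImageMagick X.Y.Z-P" token in a version banner.
_VERSION_RE = re.compile(r"\bImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, build) as ints, or None if not found."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(banner):
    """Classify a version banner as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if version[0] < 6:
        return "affected"  # older than both fixed releases
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"  # branch newer than the advisory covers
    # Integer tuple comparison, so 7.1.2-9 sorts before 7.1.2-15.
    return "affected" if version < fixed else "fixed"


# Constructed sample banners, shaped like the first line of `magick -version`.
SAMPLES = [
    "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-39 Q16 x86_64 https://legacy.imagemagick.org",
    "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org",
    "no version line here",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{assess(banner):9} {banner}")
```

Distribution packages can carry backported fixes under an older upstream version string, so an "affected" result is a prompt to check the package changelog rather than a final verdict.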

CVSS V4

Score:
Severity: NONE
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

phenggeler