Policy Bypass Vulnerability in ImageMagick by ImageMagick LLC
CVE-2026-61858
4.8MEDIUM
What is CVE-2026-61858?
A policy bypass vulnerability exists in ImageMagick prior to version 7.1.2-26 involving the APNG encoder and its interactions with external delegates. This vulnerability arises due to inadequate validation checks, enabling attackers to exploit the encoding process to write files to paths that should be disallowed, circumventing established policy restrictions. Proper mitigation requires upgrading to a patched version of the software.
Affected Version(s)
ImageMagick 0 < 7.1.2-26
ImageMagick 0 < 6.9.13-51
ImageMagick 7.1.2-26