Policy Bypass Vulnerability in ImageMagick from ImageMagick Vendor
CVE-2026-61859
4.8MEDIUM
What is CVE-2026-61859?
A vulnerability exists in ImageMagick prior to version 7.1.2-26 and 6.9.13-x before 6.9.13-51, allowing for a policy bypass in the -script operation. This flaw is caused by inadequate security policy checks, potentially enabling unauthorized reading of files from restricted paths set by the existing security configurations.
Affected Version(s)
ImageMagick 0 < 7.1.2-26
ImageMagick 0 < 6.9.13-51
ImageMagick 7.1.2-26