CVE Catalog

CVE-2026-47165

MediumCVSS 4.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile — higher than 3% of all known CVEs

Summary

ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 had a distributed pixel cache that operated without a challenge-response authentication model. Changes have been made in newer versions to enhance security.

Risk Assessment

The lack of an appropriate authentication model may lead to unauthorized access to the pixel cache, posing a risk of data manipulation or system attacks.

Recommendation

It is recommended to upgrade ImageMagick to version 6.9.13-48 or 7.1.2-23 or later to benefit from the security improvements.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS