CVE Catalog

CVE-2026-49219

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

5th percentile — higher than 5% of all known CVEs

Summary

ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had an issue with incorrect parsing of filenames, which could lead to a policy bypass and reading disallowed files using symlinks.

Risk Assessment

Organizations may be exposed to unauthorized access to sensitive files, potentially leading to data leaks or violations of security policies.

Recommendation

It is recommended to update ImageMagick to versions 6.9.13-48 or 7.1.2-24 to mitigate this vulnerability.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS