CVE-2026-56369
Severity: Low (CVSS 3.7)
Exploitation Probability (EPSS): Low risk, 14th percentile (higher than 14% of all known CVEs)
Summary
The PasskeyEncipherImage method in ImageMagick before version 7.1.2-22 reuses AES-CTR nonces. Attackers can exploit this to recover plaintext from encrypted images.
Risk Assessment
The organization risks exposure of sensitive data stored in encrypted images, potentially leading to information disclosure.
Recommendation
Immediately update ImageMagick to version 7.1.2-22 or later, which fixes this vulnerability.
Original NVD description (English source)
ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

