PT-2026-24616 — Magick.Net-Q16-Anycpu+18

PT-2026-24616 · Nuget · Magick.Net-Q16-Anycpu+18

Published

2026-03-10

Updated

2026-03-10

CVSS v3.1

6.3

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

GHSA-493F-JH8W-QHX3

Affected Products

Magick.Net-Q16-Anycpu

Magick.Net-Q16-Hdri-Anycpu

Magick.Net-Q16-Hdri-Openmp-Arm64

Magick.Net-Q16-Hdri-Openmp-X64

Magick.Net-Q16-Hdri-Arm64

Magick.Net-Q16-Hdri-X64

Magick.Net-Q16-Hdri-X86

Magick.Net-Q16-Openmp-Arm64

Magick.Net-Q16-Openmp-X64

Magick.Net-Q16-Openmp-X86

Magick.Net-Q16-Arm64

Magick.Net-Q16-X64

Magick.Net-Q16-X86

Magick.Net-Q8-Anycpu

Magick.Net-Q8-Openmp-Arm64

Magick.Net-Q8-Openmp-X64

Magick.Net-Q8-Arm64

Magick.Net-Q8-X64

Magick.Net-Q8-X86

Weakness Enumeration

Related Identifiers

Affected Products

References · 5