PT-2026-34727 · Elfinder +1

Mcdruid · Published 2026-04-17 · Updated 2026-04-23 · CVE-2026-41247

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: elFinder versions prior to 2.1.67
Description: An issue exists in the resize command where the bg (background color) parameter is accepted from user input and passed through image resize or rotate processing. In configurations utilizing the ImageMagick CLI backend, this value is incorporated into shell command strings without sufficient escaping, allowing an attacker to achieve arbitrary command execution as the web server process user.
Recommendations: Update to version 2.1.67.
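As an added illustration (not elFinder's own code; function and variable names are hypothetical), the unsafe pattern the description refers to, beside the hardened handling an application should apply to a user-supplied bg value before it reaches an ImageMagick CLI invocation:

```php
<?php
// Added example, not elFinder code. Names below are hypothetical.

// Unsafe pattern: $bg is interpolated raw into the shell string, so the
// shell, not ImageMagick, interprets any metacharacters it contains.
function buildConvertCommandUnsafe(string $src, string $dst, int $w, int $h, string $bg): string {
    return "convert $src -resize {$w}x{$h} -background $bg -extent {$w}x{$h} $dst";
}

// Hardened pattern, step 1: allow-list the colour syntax before use.
// Accepts #RGB, #RRGGBB, #RRGGBBAA, or a plain colour name such as "white".
function validateColor(string $bg): ?string {
    if (preg_match('/^#(?:[0-9a-f]{3}|[0-9a-f]{6}|[0-9a-f]{8})$/i', $bg)
        || preg_match('/^[a-z]{1,20}$/i', $bg)) {
        return $bg;
    }
    return null; // anything else is rejected; the caller falls back to a default
}

// Hardened pattern, step 2: quote every argument with escapeshellarg() so the
// shell treats each one as a single word regardless of its content.
function buildConvertCommandSafe(string $src, string $dst, int $w, int $h, string $bg): string {
    $color = validateColor($bg) ?? 'transparent';
    $geom  = sprintf('%dx%d', $w, $h); // built from ints, so no metacharacters
    return implode(' ', [
        'convert',
        escapeshellarg($src),
        '-resize', escapeshellarg($geom),
        '-background', escapeshellarg($color),
        '-extent', escapeshellarg($geom),
        escapeshellarg($dst),
    ]);
}

// Constructed inputs for a quick check; no ImageMagick process is started here.
$in  = '/tmp/in.png';
$out = '/tmp/out.png';
echo buildConvertCommandSafe($in, $out, 200, 100, '#ffffff'), PHP_EOL;
// A value outside the allow-list is replaced by the default, never interpolated:
echo buildConvertCommandSafe($in, $out, 200, 100, 'rgb(255,255,255)'), PHP_EOL;
```

escapeshellarg() alone closes the injection; the allow-list adds defence in depth and keeps malformed colours from reaching ImageMagick at all.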

Fix

Weakness Enumeration
OS Command Injection

Related Identifiers
CVE-2026-41247
GHSA-8Q4H-8CRM-5CVC

Affected Products
Imagemagick
Elfinder