PT-2026-54046 · Unknown · Imagemagick

Sondt99 · Published 2026-06-30 · Updated 2026-07-01 · CVE-2026-56377

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ImageMagick versions prior to 7.1.2-24

Description

An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed by security policies, allowing arbitrary files to be written outside of intended boundaries.

Recommendations

Update to version 7.1.2-24 or later.
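
One way to apply the recommendation across several hosts, as an added example (not part of the advisory or of ImageMagick's own tooling): it parses the first line of `magick -version` output and compares it field by field against 7.1.2-24. The host names and banner lines are constructed sample data.

```python
import re

# Fixed release named in the advisory's recommendation.
FIXED = (7, 1, 2, 24)

# Version token in the first line of `magick -version` output,
# e.g. "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 ...".
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, patch, build), or None if no version is found."""
    m = _VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(banner):
    """Return 'affected', 'fixed' or 'unknown' for one version banner."""
    version = parse_version(banner)
    if version is None:
        # Unparseable output needs manual review; never assume it is fixed.
        return "unknown"
    # Tuple comparison is numeric per field, so 7.1.2-9 sorts before
    # 7.1.2-24 (a plain string comparison would get this wrong).
    # Legacy 6.x builds also compare lower than the fixed release.
    return "affected" if version < FIXED else "fixed"


def hosts_needing_action(inventory):
    """Return sorted hosts whose status is anything other than 'fixed'."""
    return sorted(h for h, b in inventory.items() if classify(b) != "fixed")


# Constructed sample inventory: host -> first line of `magick -version`.
SAMPLE_INVENTORY = {
    "img-worker-01": "Version: ImageMagick 7.1.2-24 Q16-HDRI x86_64 https://imagemagick.org",
    "img-worker-02": "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
    "img-worker-03": "Version: ImageMagick 7.1.1-47 Q16-HDRI aarch64 https://imagemagick.org",
    "thumbs-legacy": "Version: ImageMagick 6.9.13-25 Q16 x86_64 https://legacy.imagemagick.org",
    "batch-07": "sh: magick: command not found",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host}: {classify(banner)}")
    print("needs action:", ", ".join(hosts_needing_action(SAMPLE_INVENTORY)))
```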

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-56377

Affected Products

Imagemagick