CVE-2026-61858

CVE-2026-61858CVE-2026-61858

Description

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.

Scoring

CVSS 3.3 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Last modified2026-07-11
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.