CVE-2026-47165
MediumCVSS 4.1Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 had a distributed pixel cache that operated without a challenge-response authentication model. Changes have been made in newer versions to enhance security.
Risk Assessment
The lack of an appropriate authentication model may lead to unauthorized access to the pixel cache, posing a risk of data manipulation or system attacks.
Recommendation
It is recommended to upgrade ImageMagick to version 6.9.13-48 or 7.1.2-23 or later to benefit from the security improvements.
Original NVD description (English source)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.

