CVE Catalog

CVE-2026-55628

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

In versions prior to 7.1.2-26he, the `-concatenate` operation lacked security policy checks, potentially allowing reading and writing to paths disallowed by the policy. This issue has been fixed in version 7.1.2-26.

Risk Assessment

An attacker could bypass security policy restrictions, gaining unauthorized access to files or writing malicious data to protected locations, leading to confidentiality and integrity breaches.

Recommendation

Immediately upgrade ImageMagick to version 7.1.2-26 or later, which includes the fix for this vulnerability.

Original NVD description (English source)

In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS