CVE Catalog

CVE-2026-56369

Low · CVSS 3.7

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

ImageMagick before version 7.1.2-22 reuses the AES-CTR nonce in the PasskeyEncipherImage method. Attackers can exploit this nonce reuse to recover plaintext from encrypted images.

Risk Assessment

The organization risks exposure of sensitive data stored in encrypted images, potentially leading to information disclosure.

Recommendation

Immediately update ImageMagick to version 7.1.2-22 or later, which fixes this vulnerability.

Original NVD description (English source)

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher implementation to recover plaintext information from encrypted images.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS