CVE Catalog

CVE-2026-56379

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.19%

64th percentile — higher than 64% of all known CVEs

Summary

A command injection vulnerability in ImageMagick before versions 7.1.2-15 and 6.9.13-40 exists in the SVG decoder. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

Risk Assessment

The risk involves potential remote code execution by an attacker, which could lead to full compromise of the server or application processing images.

Recommendation

Immediately update ImageMagick to version 7.1.2-15 or later (for branch 7) and 6.9.13-40 or later (for branch 6).

Original NVD description (English source)

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS