CVE-2026-61859
Severity CVSS v4.0:
MEDIUM
Type:
CWE-59
Link Following
Publication date:
15/07/2026
Last modified:
15/07/2026
Description
ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM
Base Score 3.x
3.30
Severity 3.x
LOW



