CVE-2026-61858
Severity CVSS v4.0:
MEDIUM
Type:
CWE-59
Link Following
Publication date:
11/07/2026
Last modified:
11/07/2026
Description
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM
Base Score 3.x
3.30
Severity 3.x
LOW



