Ghostwire

CVE-2026-61858: ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to...

LOW CVSS 3.3 Exploit Available

Published: July 11, 2026 | Last Modified: July 11, 2026

Description

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References