CVE-2026-25966Improper Access Control in Imagemagick

CWE-284Improper Access ControlCWE-184Incomplete List of Disallowed Inputs7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 99.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ImagemagickDebian Imagemagick
Timeline
PublishedFeb 24

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/imagemagick< imagemagick 8:7.1.2.15+dfsg1-1 (forky)
NVDimagemagick/imagemagick7.0.0-07.1.2-15+1
Debianimagemagick/imagemagick< 8:7.1.1.43+dfsg1-1+deb13u6+1
CVEListV5imagemagick/imagemagick>= 7.0.0, < 7.1.2-15

🔴Vulnerability Details

3
OSV
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access2026-02-24
OSV
CVE-2026-25966: ImageMagick is free and open-source software used for editing and manipulating digital images2026-02-24
GHSA
ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access2026-02-24

📋Vendor Advisories

2
Red Hat
ImageMagick: ImageMagick: Policy bypass allows unauthorized access to standard streams via fd:<n> pseudo-filenames2026-02-24
Debian
CVE-2026-25966: imagemagick - ImageMagick is free and open-source software used for editing and manipulating d...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-25966 Impact, Exploitability, and Mitigation Steps | Wiz