ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy. | |
| Title | ImageMagick before 7.1.2-26 Policy Bypass via script operation | |
| First Time appeared |
Imagemagick
Imagemagick imagemagick |
|
| Weaknesses | CWE-59 | |
| CPEs | cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Imagemagick
Imagemagick imagemagick |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T11:47:04.341Z
Reserved: 2026-07-10T21:53:55.769Z
Link: CVE-2026-61859
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses