33 matches found
EUVD-2026-40450
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...
CVE-2026-56377
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...
CVE-2026-56377
ImageMagick vulnerable to a policy- bypass due to an incorrect path check in sandboxed conversion services. Affects ImageMagick before 7.1.2-24, where a crafted request could allow remote or local attackers to create or truncate files outside allowed boundaries by bypassing path policy restrictio...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy was enforced on the raw filename string before the filesystem resolved it. As a result, policy rules such as /etc/ could be...
mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening
Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...
GHSA-J7H9-2JH7-G967 mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening
Summary mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication. The release addresses: - insufficient local path policy enforcement in transfer-related filesystem handling - incomplete canonicalization and segment-boundary...
PT-2026-36919
Name of the Vulnerable Software and Affected Versions fast-uri versions prior to 3.1.1 Description The normalize and equal functions decode percent-encoded path separators and dot segments before performing dot-segment removal. This causes encoded path data to be treated as actual slashes and...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the FileToBlobI function, involving path policy enforcement. An attacker can perform a symlink swap after authorization on a domain="path" to bypass access restrictions. Remediation A f...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
ImageMagick has a Path Policy TOCTOU symlink race bypass
domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write...
GHSA-493F-JH8W-QHX3 ImageMagick has a Path Policy TOCTOU symlink race bypass
domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write...
UBUNTU-CVE-2026-28689
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...
CVE-2026-28689 ImageMagick has a Path Policy TOCTOU symlink race bypass
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...
CVE-2026-28689 ImageMagick has a Path Policy TOCTOU symlink race bypass
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...
CVE-2026-28689
ImageMagick contains a TOCTOU path policy bypass: a symlink swap between check-time and use-time can bypass domain="path" policy checks, enabling unintended read/write. Affected versions are prior to 7.1.2-16 and 6.9.13-41. The CVSS vector indicates LOCAL, LOW privileges, HIGH confidentiality/int...
CVE-2026-28689
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...
CVE-2026-28689 ImageMagick has a Path Policy TOCTOU symlink race bypass
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...