VDB

CVE-2026-56379

CVE-2026-56379 PUBLISHED CVSS 9.2 CRITICAL

Reported by VulnCheck · Published June 23, 2026

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.

Risk Scores

CVSS 4.0
9.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
ImageMagickImageMagick0, 7.1.2-15
ImageMagickImageMagick0, 6.9.13-40
Red HatRed Hat Enterprise Linux 6
imagemagickimagemagick0, 0, 0
ImageMagickImageMagick0, 0, 6.9.13-40
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux Server Optional (v. 7 ELS)
Red HatRed Hat Enterprise Linux Server (v. 7 ELS)
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:6.9.10.68-17.el7_9

Timeline

  • Jun 23, 2026 CVE Published
  • Jun 24, 2026 EPSS Score
  • Jun 24, 2026 Coalition ESS Score
  • Jun 25, 2026 Security Advisory
  • Jun 29, 2026 Distribution Patch
  • Jun 29, 2026 Security Advisory
  • Jul 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›