CVE-2026-28689
MED 6.3ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
Affected Applications in Environment
13
ImageMagick
v7.1.1-32
1 device
ImageMagick
v6.9.10.68-6.el7_9
1 device
ImageMagick
v7.1.2-13
1 device
ImageMagick
v0:6.9.13.25-1.el8
1 device
ImageMagick
v7.0.5
1 device
imagemagick
v8:6.9.12.98+dfsg1-5.2build2
22 devices
imagemagick
v8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5
13 devices
imagemagick
v8:6.9.11.60+dfsg-1.6+deb12u4
1 device
imagemagick
v8:6.8.9.9-7ubuntu5.16+esm19
1 device
imagemagick
v8:6.9.10.23+dfsg-2.1ubuntu11.11
4 devices
imagemagick
v8:6.9.11.60+dfsg-1.3+deb11u10
1 device
imagemagick
v8:6.9.11.60+dfsg-1.3+deb11u9
1 device
imagemagick
v8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm6
1 device
Affected Devices
49
ATWOOD-PD-BSMTH
Windows
BSTEVENS
Windows
MILLPRODWEB
Windows
blakeutil
Linux
cceredcapweb
Linux
dpapsb-191594.mypc.usu.edu
Linux
fw
Linux
guru.cluster
Linux
hotcheeto
Linux
itfinance
Linux
kcm.usu.edu
Linux
librenms
Linux
omekanew
Linux
owenclarke-OptiPlex-7090
Linux
redcapweb
Linux
starfleetpad
Linux
storm
Linux
tsutil.it.usu.edu
Linux
web-lb01-redirect.usu.edu
Linux
web-lb02-redirect.usu.edu
Linux
web-lb03-redirect.usu.edu
Linux
web02.usu.edu
Linux
web03.usu.edu
Linux
web08.usu.edu
Linux
web09.usu.edu
Linux
web10
Linux
web10-awhc
Linux
web10-awhc
Linux
web11.usu.edu
Linux
web12.usu.edu
Linux
web13.usu.edu
Linux
web14.usu.edu
Linux
web15.usu.edu
Linux
web16.usu.edu
Linux
web17
Linux
web18
Linux
web19.usu.edu
Linux
web20
Linux
web25
Linux
web27.usu.edu
Linux
web29.usu.edu
Linux
web30.usu.edu
Linux
web31.usu.edu
Linux
web32.usu.edu
Linux
web33.usu.edu
Linux
web34.usu.edu
Linux
web35.usu.edu
Linux
web36.usu.edu
Linux
web37.usu.edu
Linux