CVE-2026-61858
Publication date 13 July 2026
Last updated 13 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| imagemagick | 26.04 LTS resolute |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Severity score breakdown
CVSS version:
Base score
4.8 · Medium
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Base score
3.3 · Low
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N