Missing Authorization in ImageMagick - CVE-2026-55628
Published: June 29, 2026
ImageMagick
Detailed vulnerability description
The vulnerability allows a local user to read and write files in paths disallowed by the security policy.
The vulnerability exists due to missing authorization in the -concatenate operation when processing file paths. A local user can invoke the concatenate operation with disallowed paths to read and write files in paths disallowed by the security policy.