Link following in ImageMagick - #VU135671
Published: June 29, 2026
ImageMagick
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper link resolution before file access in the -script operation when processing script input. A local user can supply a crafted script to disclose sensitive information.
The issue bypasses configured security policy restrictions on disallowed paths.