ImageMagick Policy Bypass Vulnerability in Script Operation

Vulnerability

A policy bypass vulnerability has been identified in ImageMagick versions prior to 7.1.2-26 and in the 6.9.13-x series prior to 6.9.13-51. The vulnerability arises in the '-script' operation, where missing security policy checks allow files to be read from paths that the security policy would normally restrict.

Impact

Exploitation of this vulnerability could lead to unauthorized file access, allowing users to read files from disallowed paths.

Added: Jul 15, 2026, 12:31 PM
Updated: Jul 15, 2026, 12:31 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
0.6
exploitability
4.7
remediation
7.7
relevance
9.8
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.