CVE-2026-56379
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbi
CVSS
8.1
High
EPSS
0.9%
p55
KEV
—
Exploit Today
17
0-100
Published: Jun 23, 2026 · Last modified: Jul 15, 2026 · CWE-116 · CWE-78
0.9%EPSS · 30 days1.2%
2026-06-302026-07-16
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.
- github.comhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56
- www.vulncheck.comhttps://www.vulncheck.com/advisories/imagemagick-command-injection-via-svg-decoder
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:32961
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-56379
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2491700
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56379.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2024-121210.0 CRI99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability3dCVE-2022-262589.8 CRI99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2021-252988.8 HIG99.5%
KEV—80Nagios XI OS Command Injection8dCVE-2021-252978.8 HIG98.9%
KEV—80Nagios XI OS Command Injection8d