CVE-2026-56379
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbi
CVSS
8.1
Alto
EPSS
0.9%
p55
KEV
—
Exploit Today
17
0-100
Publicado: 23 jun 2026 · Última mod.: 15 jul 2026 · CWE-116 · CWE-78
0.9%EPSS · 30 días1.2%
2026-06-302026-07-16
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.
- github.comhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56
- www.vulncheck.comhttps://www.vulncheck.com/advisories/imagemagick-command-injection-via-svg-decoder
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:32961
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-56379
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2491700
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56379.json
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2024-121210.0 CRÍ99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability3dCVE-2022-262589.8 CRÍ99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2021-252988.8 ALT99.5%
KEV—80Nagios XI OS Command Injection8dCVE-2021-252978.8 ALT98.9%
KEV—80Nagios XI OS Command Injection8d