CVE-2026-3102 MEDIUM

CVE-2026-3102: exiftool PNG File MacOS.pm SetMacOSTags os command injection

Vendor N/A

Product exiftool

Weakness CWE-78

Published February 24, 2026

Last update February 27, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.

Key dates

02Disclosure timeline

February 24, 2026 CVE published

February 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-3102 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2026-3102

CWE CWE-78

CVSS 5.3 / MEDIUM

Affected versions

Vendor N/A

Product exiftool

Affected 13.0

Vendor N/A

Product exiftool

Affected 13.1

Vendor N/A

Product exiftool

Affected 13.2

Vendor N/A

Product exiftool

Affected 13.3

Vendor N/A

Product exiftool

Affected 13.4

Vendor N/A

Product exiftool

Affected 13.5

Vendor N/A

Product exiftool

Affected 13.6

Vendor N/A

Product exiftool

Affected 13.7

Vendor N/A

Product exiftool

Affected 13.8

Vendor N/A

Product exiftool

Affected 13.9

Vendor N/A

Product exiftool

Affected 13.10

Vendor N/A

Product exiftool

Affected 13.11

Vendor N/A

Product exiftool

Affected 13.12

Vendor N/A

Product exiftool

Affected 13.13

Vendor N/A

Product exiftool

Affected 13.14

Vendor N/A

Product exiftool

Affected 13.15

Vendor N/A

Product exiftool

Affected 13.16

Vendor N/A

Product exiftool

Affected 13.17

Vendor N/A

Product exiftool

Affected 13.18

Vendor N/A

Product exiftool

Affected 13.19

Vendor N/A

Product exiftool

Affected 13.20

Vendor N/A

Product exiftool

Affected 13.21

Vendor N/A

Product exiftool

Affected 13.22

Vendor N/A

Product exiftool

Affected 13.23

Vendor N/A

Product exiftool

Affected 13.24

Vendor N/A

Product exiftool

Affected 13.25

Vendor N/A

Product exiftool

Affected 13.26

Vendor N/A

Product exiftool

Affected 13.27

Vendor N/A

Product exiftool

Affected 13.28

Vendor N/A

Product exiftool

Affected 13.29

Vendor N/A

Product exiftool

Affected 13.30

Vendor N/A

Product exiftool

Affected 13.31

Vendor N/A

Product exiftool

Affected 13.32

Vendor N/A

Product exiftool

Affected 13.33

Vendor N/A

Product exiftool

Affected 13.34

Vendor N/A

Product exiftool

Affected 13.35

Vendor N/A

Product exiftool

Affected 13.36

Vendor N/A

Product exiftool

Affected 13.37

Vendor N/A

Product exiftool

Affected 13.38

Vendor N/A

Product exiftool

Affected 13.39

Vendor N/A

Product exiftool

Affected 13.40

Vendor N/A

Product exiftool

Affected 13.41

Vendor N/A

Product exiftool

Affected 13.42

Vendor N/A

Product exiftool

Affected 13.43

Vendor N/A

Product exiftool

Affected 13.44

Vendor N/A

Product exiftool

Affected 13.45

Vendor N/A

Product exiftool

Affected 13.46

Vendor N/A

Product exiftool

Affected 13.47

Vendor N/A

Product exiftool

Affected 13.48

Vendor N/A

Product exiftool

Affected 13.49

CVE-2026-3102: exiftool PNG File MacOS.pm SetMacOSTags os command injection

01Description

02Disclosure timeline

03References

04Related CVE