CVE-2026-45664 MEDIUM

CVE-2026-45664: ImageMagick: Policy Bypass in MNG coder could

Vendor Imagemagick
Product ImageMagick
Weakness CWE-400
Published June 10, 2026
Last update June 30, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.

Key dates

02Disclosure timeline

June 10, 2026 CVE published
June 30, 2026 Record updated