CVE-2026-26066

HIGH WAF: Medium

CVSS 7.5 Published: 2026-02-24

CWE-400

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

WAF Coverage Analysis

Uncontrolled Resource Consumption Medium WAF Coverage

OWASP: A05:2021 Security Misconfiguration

912xxx - DOS Protection

Affected Software

Vendor	Product	Version
imagemagick	imagemagick	up to 6.9.13-40
imagemagick	imagemagick	7.0.0-0 - 7.1.2-15

References

github.com (Third Party Advisory)

Back to CVE Database