ImageMagick: Policy Bypass can read disallowed files via symlink
Moderate severity
GitHub Reviewed
Published
May 30, 2026
in
ImageMagick/ImageMagick
•
Updated Jun 25, 2026
Description
Published by the National Vulnerability Database
Jun 10, 2026
Published to the GitHub Advisory Database
Jun 25, 2026
Reviewed
Jun 25, 2026
Last updated
Jun 25, 2026
An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink.
References