ImageMagick Pixel Cache Auth Bypass (6.9.13-47, 7.1.2-22)
CVE-2026-47165 Published on June 10, 2026
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challengeresponse authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.
Vulnerability Analysis
CVE-2026-47165 can be exploited with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-47165 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-47165
Want to know whenever a new CVE is published for ImageMagick? stack.watch will email you.
Affected Versions
ImageMagick:- Version < 6.9.13-48 is affected.
- Version < 7.1.2-23 is affected.