Medium severityOSV Advisory· Published Jan 27, 2026· Updated May 6, 2026
CVE-2026-24806
CVE-2026-24806
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java.
This issue affects quick-media: before v1.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.github.liuyueyi.media:batik-codec-fixMaven | <= 3.0.0 | — |
Affected products
2- Range: v0.001, v0.002, v0.003, …
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-8623-9fwr-4cxvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-24806ghsaADVISORY
- github.com/liuyueyi/quick-media/commit/29c078450ad2865c7ad196c658cacfab55b207eeghsaWEB
- github.com/liuyueyi/quick-media/pull/122nvdWEB
- github.com/github/advisory-database/pull/7437nvd
- github.com/liuyueyi/quick-media/pull/122nvd
News mentions
0No linked articles in our index yet.