ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Measures to prevent reading from such files have been taken in versions 7.1.2-15 and 6.9.13-40, but to make sure writing is also not possible, the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick's path security policy is enforced on raw filenames before filesystem resolution, enabling path traversal bypass and local file disclosure.
Vulnerability
Details
ImageMagick's path security policy, defined in policy-secure.xml, is intended to restrict file access by pattern matching on file paths. However, prior to versions 7.1.2-15 and 6.9.13-40, the policy is evaluated on the raw, unnormalized filename string before the operating system resolves any path traversal components [2][4]. This means a rule like /etc/* will not match a path such as /etc/../etc/passwd because the policy matcher sees the literal string with .. rather than the canonical path.
Exploitation
An attacker who can supply a filename to ImageMagick (e.g., via a web application that processes user-uploaded images) can craft a path that includes traversal sequences like ../. The OS resolves these sequences and opens the intended sensitive file, but the policy check only sees the unnormalized path and incorrectly allows the operation [2]. No authentication is required beyond the ability to invoke ImageMagick with a controlled filename.
Impact
Successful exploitation leads to local file disclosure (LFD), allowing an attacker to read arbitrary files on the system that the ImageMagick process has access to, such as /etc/passwd or application configuration files. This bypasses the security policy even when it is explicitly configured to block access to sensitive directories [4].
Mitigation
The issue is fixed in ImageMagick versions 7.1.2-15 and 6.9.13-40 [2][3]. Additionally, administrators are advised to add a policy rule `` to prevent path traversal patterns from being accepted. This rule will be included by default in future secure policies [4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Magick.NET-Q16-AnyCPU (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-AnyCPU (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x86 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x86 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-x86 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-AnyCPU (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-x86 (NuGet) | < 14.10.3 | 14.10.3 |
Affected products
- (no CPE) range: <7.1.2-15 and <6.9.13-40
- (no CPE) range: >= 7.0.0, < 7.1.2-15
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-8jvj-p28h-9gm7 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-25965 (GHSA, advisory)
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7 (GHSA, x_refsource_CONFIRM, web)
- github.com/dlemstra/Magick.NET/releases/tag/14.10.3 (GHSA, web)
News mentions
No linked articles in our index yet.