Medium severity6.3NVD Advisory· Published Feb 24, 2026· Updated Apr 29, 2026
CVE-2026-3102
CVE-2026-3102
Description
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.
Affected products
1Patches
1e9609a9bcc0dhttps://github.com/exiftool/exiftoolvia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/exiftool/exiftool/commit/e9609a9bcc0d32bd252a709a562fb822d6dd86f7nvdPatch
- vuldb.comnvdExploitThird Party AdvisoryVDB Entry
- www.youtube.com/watchnvdExploit
- vuldb.comnvdThird Party AdvisoryVDB Entry
- github.com/exiftool/exiftool/releases/tag/13.50nvdRelease Notes
- vuldb.comnvdPermissions Required
News mentions
0No linked articles in our index yet.