PatchSiren cyber security CVE debrief
CVE-2026-46692 ImageMagick CVE debrief
CVE-2026-46692 is a medium-severity vulnerability in ImageMagick, free and open-source software for editing and manipulating digital images. An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.
- Vendor: ImageMagick
- Product: Unknown
- CVSS: MEDIUM 4.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of ImageMagick, particularly those who expose the `magick -distribute-cache` service, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is a heap buffer over-write in the server process, triggered when an attacker connects to a `magick -distribute-cache` service. Its CVSS score is 4.1, which indicates medium severity.
Defensive priority
Medium
Recommended defensive actions
- Upgrade to ImageMagick version 6.9.13-48 or 7.1.2-23 or later.
- Limit access to the `magick -distribute-cache` service to trusted users only.
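To support the upgrade action above, this added example (not part of the advisory or of ImageMagick) classifies `magick -version` banner lines against the two fixed releases named on this page. The host names and banner strings are constructed sample data, and the status labels are this example's own.

```python
import re

# Fixed releases named in the advisory, keyed by major version line.
PATCHED = {6: (6, 9, 13, 48), 7: (7, 1, 2, 23)}

# Matches the "ImageMagick X.Y.Z-P" token printed by `magick -version`.
_BANNER = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(banner):
    """Return (major, minor, micro, patch) from a banner line, or None."""
    m = _BANNER.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(banner):
    """Classify a banner as 'patched', 'needs-upgrade' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"            # not an ImageMagick banner
    fixed = PATCHED.get(version[0])
    if fixed is None:
        return "unknown"            # major line the advisory does not name
    # Tuple comparison orders 7.1.2-9 below 7.1.2-23, unlike string compare.
    return "patched" if version >= fixed else "needs-upgrade"


def scan(inventory):
    """Map each host in {host: banner} to its status."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory: host name -> first line of `magick -version`.
SAMPLE = {
    "img-worker-1": "Version: ImageMagick 7.1.2-9 Q16-HDRI x86_64 https://imagemagick.org",
    "img-worker-2": "Version: ImageMagick 7.1.2-23 Q16-HDRI x86_64 https://imagemagick.org",
    "legacy-conv": "Version: ImageMagick 6.9.13-47 Q16 x86_64 https://imagemagick.org",
    "thumbs-01": "GraphicsMagick 1.3.40 Q16 http://www.GraphicsMagick.org/",
}

if __name__ == "__main__":
    for host, status in sorted(scan(SAMPLE).items()):
        print(f"{host}: {status}")
```

Distribution packages that backport fixes can keep an older upstream version string, so a `needs-upgrade` result on a packaged build is a prompt to check the package changelog.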
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
- CVE-2026-46692 CVE record (CVE.org)
- CVE-2026-46692 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
CVE-2026-46692 was published on 2026-06-10T23:16:47.450Z and modified on 2026-06-11T18:42:20.913Z.