Review
RURBAN
CVE published 2026-06-14
CVE-2026-11526
CVE-2026-11526 is a vulnerability in the GD Perl library that allows for OS command injection and file overwrite. The vulnerability exists in the _make_filehandle function, which uses Perl's 2-arg open() function to open a filename argument. This allows an attacker to inject arbitrary commands or overwrite files by providing a specially crafted filename. The vulnerability affects GD Perl library versions before 2.86.
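The difference between the two forms of open() is easiest to see side by side. The following is an added example, not GD's code and not the upstream fix: `two_arg_open_hazard` and `open_for_read` are hypothetical helper names, and the file names are constructed samples. It classifies names that 2-arg open() would parse as a mode, pipe or handle, then opens the same names with 3-arg open(), where they are only ever file names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Hypothetical helper: explain how 2-arg open($fh, $name) would read $name
# as something other than "read this path". Returns nothing for a plain name.
sub two_arg_open_hazard {
    my ($name) = @_;
    (my $s = $name) =~ s/\A\s+|\s+\z//g;    # 2-arg open ignores surrounding whitespace
    return 'pipe: the name is run as a command'  if $s =~ /\A\|/ || $s =~ /\|\z/;
    return 'write or append mode prefix'         if $s =~ /\A\+?>/;
    return 'explicit read mode prefix'           if $s =~ /\A\+?</;
    return 'dash: standard input'                if $s eq '-';
    return 'surrounding whitespace is stripped'  if $s ne $name;
    return;
}

# Hypothetical hardened opener: 3-arg open fixes the mode, so every character
# of $path is part of the file name and nothing in it is parsed as a mode.
sub open_for_read {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    binmode $fh;
    return $fh;
}

my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";
open(my $out, '>', 'image.png') or die "create: $!";
print {$out} "constructed sample bytes\n";
close $out;

# Constructed sample names, including mode characters 2-arg open would act on.
for my $name ('image.png', '>image.png', ' image.png', 'image.png|', '-') {
    my $hazard = two_arg_open_hazard($name) // 'none';
    my $fh     = open_for_read($name);
    printf "%-14s 2-arg hazard: %-36s 3-arg open: %s\n",
        "'$name'", $hazard, $fh ? 'opened' : "failed ($!)";
    close $fh if $fh;
}
print "image.png still holds ", -s 'image.png', " bytes\n";
chdir $start;
```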