ImageMagick has a Path Policy TOCTOU symlink race bypass
Moderate severity
GitHub Reviewed
Published Mar 9, 2026 in ImageMagick/ImageMagick
Updated Mar 10, 2026
Published by the National Vulnerability Database: Mar 10, 2026
Published to the GitHub Advisory Database: Mar 10, 2026
Reviewed: Mar 10, 2026
Last updated: Mar 10, 2026

Description
domain="path" authorization is checked before the final file open/use. A symlink swap between check time and use time bypasses a policy-denied read/write.
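
The check-then-use ordering described above, next to a use-then-check ordering that authorizes the opened descriptor instead of the name. This is an added example for the read case, not ImageMagick code or its fix. The function names, the prefix-based policy and the fixture are hypothetical, and the fixture's static symlink stands in for the state after a swap (no race is run). It assumes Linux with /proc mounted.

```c
/* Added example, not ImageMagick code. Linux-only: uses /proc/self/fd. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical policy: deny every path under deny_dir (ends in '/'). */
static int policy_allows(const char *path, const char *deny_dir) {
    return strncmp(path, deny_dir, strlen(deny_dir)) != 0;
}
/* Race-prone: authorizes the name, then opens it; open() follows whatever
   the name points to at that later moment. */
int open_check_then_use(const char *path, const char *deny_dir) {
    if (!policy_allows(path, deny_dir)) { errno = EACCES; return -1; }
    return open(path, O_RDONLY | O_CLOEXEC);
}
/* Hardened: opens first, then authorizes the file the descriptor refers to.
   Fails closed if the descriptor cannot be resolved. */
int open_use_then_check(const char *path, const char *deny_dir) {
    char link[64], real[PATH_MAX];
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, real, sizeof real - 1);
    if (n >= 0) real[n] = '\0';
    if (n < 0 || !policy_allows(real, deny_dir)) {
        close(fd); errno = EACCES; return -1;
    }
    return fd;
}
/* Constructed fixture under a fresh temp dir (chdir()s into it):
   allowed/ok.txt, denied/secret.txt, allowed/img.png -> denied/secret.txt.
   root must hold PATH_MAX bytes. Returns 0 on success. */
int build_fixture(char *root) {
    char t[] = "/tmp/toctou-XXXXXX";
    if (!mkdtemp(t) || !realpath(t, root) || chdir(root) != 0) return -1;
    if (mkdir("allowed", 0700) || mkdir("denied", 0700)) return -1;
    int a = creat("allowed/ok.txt", 0600), d = creat("denied/secret.txt", 0600);
    if (a < 0 || d < 0) return -1;
    close(a); close(d);
    return symlink("../denied/secret.txt", "allowed/img.png");
}
```

Because the policy decision is made on the path the kernel reports for the already-open descriptor, re-pointing the name after open() has no effect on what was authorized.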