CVE-2026-25971
Published: 24 February 2026
Summary
CVE-2026-25971 is a medium-severity Uncontrolled Recursion (CWE-674) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 6.2 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 10.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-25971 affects ImageMagick, a free and open-source software suite for editing and manipulating digital images. The vulnerability arises in the Magick component, where prior to versions 7.1.2-15 and 6.9.13-40, the software fails to check for circular references between two MSL (Magick Scripting Language) files. This flaw triggers a stack overflow, classified under CWE-674 (Uncontrolled Recursion) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. By providing specially crafted MSL files with circular references, the attacker induces a stack overflow in ImageMagick, resulting in high-impact availability disruption, such as process crashes or denial of service.
The official GitHub security advisory (GHSA-8mpr-6xr2-chhc) confirms that ImageMagick versions 7.1.2-15 and 6.9.13-40 include patches to address the circular reference check failure. Security practitioners should update to these fixed versions to mitigate the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7427
Vulnerability details
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a…
more
patch.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local stack overflow (via uncontrolled recursion in MSL parsing) that directly causes ImageMagick process crashes, enabling Endpoint DoS through application exploitation (T1499.004). No other techniques are supported by the described impact or attack vector.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying the vendor patches (7.1.2-15 / 6.9.13-40) that add the missing circular-reference checks in MSL processing.
Mandates validation of all input (here, MSL files) to reject malformed constructs such as circular references before they reach the parser.
Requires memory-protection mechanisms that can contain or terminate uncontrolled recursion and resulting stack overflows before full denial of service occurs.