CVE-2026-27798
Published: 26 February 2026
Summary
CVE-2026-27798 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in ImageMagick (vendor: ImageMagick). Its CVSS v3.1 base score is 4.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). Its exploit-likelihood percentile is 4.2 (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-27798 is a heap buffer over-read vulnerability in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The flaw affects versions prior to 7.1.2-15 and 6.9.13-40, manifesting when processing an image with small dimensions using the `-wavelet-denoise` operator. It is classified under CWE-125 (Out-of-bounds Read) and CWE-126 (Buffer Over-read), with a CVSS v3.1 base score of 4.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
A local attacker can trigger the flaw with low attack complexity, needing neither privileges nor user interaction. The impact is limited to confidentiality: the over-read discloses a small amount of adjacent heap memory, while integrity and availability are unaffected and scope is unchanged. The realistic exposure is any process that runs the `-wavelet-denoise` operator over images it did not produce itself.
Patched versions 7.1.2-15 and 6.9.13-40 of ImageMagick address the issue; see the project's GitHub security advisory GHSA-qpgx-jfcq-r59f and the fixing commit 0377e60b3c0d766bd7271221c95d9ee54f6a3738. Magick.NET release 14.10.3 incorporates the same fix for affected .NET integrations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8771
Vulnerability details
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read occurs when processing an image with small dimensions using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
- CWE(s): CWE-125 (Out-of-bounds Read), CWE-126 (Buffer Over-read)
Related Threats
MITRE ATT&CK Enterprise Techniques: Data from Local System (T1005)
Why these techniques?
A heap over-read lets whoever can invoke the affected ImageMagick operator on a crafted image read heap memory the process never intended to expose, which is local data collection from the system (T1005).
Affected Assets
- ImageMagick 7.x before 7.1.2-15
- ImageMagick 6.x before 6.9.13-40
- Magick.NET before 14.10.3
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): apply the patched releases 7.1.2-15 / 6.9.13-40 (or Magick.NET 14.10.3), which close the wavelet-denoise heap over-read.
- RA-5 (Vulnerability Monitoring and Scanning): scan for installations of the vulnerable ImageMagick versions, including copies bundled inside applications and container images, before an attacker can exercise the local over-read.
- Configuration settings: restrict or replace the affected ImageMagick binary or operator set with approved, patched versions wherever patching lags.
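As an added worked check (not code from the ImageMagick project or from this advisory), the following Python script turns the affected-version ranges above and the RA-5 scanning control into something runnable: it parses the first line of `magick -version` or `convert -version` output and reports whether the build predates 7.1.2-15 (7.x line) or 6.9.13-40 (6.x line). The sample banners are constructed, not captured from real hosts. Treating a missing `-N` patch suffix as patch 0, releases older than 6.x as unfixed, and major versions above 7 as fixed are assumptions of this example, not statements from the advisory.

```python
"""Version check for CVE-2026-27798 (ImageMagick -wavelet-denoise heap over-read).

Added example, not code from the ImageMagick project or this advisory's source.
Parses the first line of `magick -version` / `convert -version` output and
compares it against the fixed releases named in the advisory
(7.1.2-15 for the 7.x line, 6.9.13-40 for the 6.x line).
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Fixed releases per maintained branch, taken from the advisory text.
FIXED = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# Matches e.g. "Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64 ..." and
# "Version: ImageMagick 6.9.13-39 Q16 x86_64 ...".  The "-N" patch suffix is
# part of the version; a missing suffix is treated as patch 0 (assumption).
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, micro, patch) from ImageMagick's banner, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, patch = m.groups()
    return int(major), int(minor), int(micro), int(patch or 0)


def is_vulnerable(version: Tuple[int, int, int, int]) -> bool:
    """True if the version predates the fix on its branch.

    Tuple comparison is lexicographic, so 7.1.2-14 < 7.1.2-15 and
    6.9.13-39 < 6.9.13-40 compare correctly, patch suffix included.
    Branches older than 6.x are assumed unfixed; anything newer than 7.x is
    assumed to postdate the fix (assumption: the advisory names no such release).
    """
    major = version[0]
    if major in FIXED:
        return version < FIXED[major]
    return major < 6


def assess(banner: str) -> str:
    """Classify a -version banner as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"


def check_installed() -> str:
    """Run the locally installed binary (magick, else convert) and assess it."""
    for tool in ("magick", "convert"):
        path = shutil.which(tool)
        if path:
            out = subprocess.run([path, "-version"], capture_output=True, text=True)
            return assess(out.stdout)
    return "unknown"  # ImageMagick not on PATH


# Constructed sample banners for offline use; not captured from real systems.
SAMPLE_BANNERS = {
    "Version: ImageMagick 7.1.2-14 Q16-HDRI x86_64 https://imagemagick.org": "vulnerable",
    "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org": "patched",
    "Version: ImageMagick 6.9.13-39 Q16 x86_64 https://legacy.imagemagick.org": "vulnerable",
    "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org": "patched",
    "Version: ImageMagick 7.0.10-60 Q16 x86_64": "vulnerable",
    "Version: ImageMagick 7.1.2 Q16 x86_64": "vulnerable",
    "GraphicsMagick 1.3.42 Q16 http://www.GraphicsMagick.org/": "unknown",
}

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{assess(banner):10s} {banner}")
    print("installed:", check_installed())
```

Run it on each host or in each image build; anything reported `vulnerable` needs SI-2 action. One caveat: distributions that backport security fixes often leave the upstream version string untouched, so a `vulnerable` verdict on a vendor-packaged build should be confirmed against that distribution's own advisory before being treated as a finding.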