CVE-2026-46693 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2026-46693

CVE-2026-46693

Published:June 10, 2026

Updated:June 11, 2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Affected Packages

https://github.com/ImageMagick/ImageMagick.git (GITHUB):

Affected version(s) >=7.0.1-0 <7.1.2-23

Fix Suggestion:

Update to version 7.1.2-23

https://github.com/ImageMagick/ImageMagick6.git (GITHUB):

Affected version(s) >=6.9.4-0 <6.9.13-48

Fix Suggestion:

Update to version 6.9.13-48

magick.net-q16-hdri-x86 (NUGET):

Affected version(s) >=6.8.9.101 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q8-openmp-x64 (NUGET):

Affected version(s) >=7.14.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-hdri-x64 (NUGET):

Affected version(s) >=6.8.9.101 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-hdri-openmp-arm64 (NUGET):

Affected version(s) >=8.6.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-hdri-anycpu (NUGET):

Affected version(s) >=6.8.9.101 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-openmp-x64 (NUGET):

Affected version(s) >=7.14.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-x64 (NUGET):

Affected version(s) >=6.8.5.401 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q8-x64 (NUGET):

Affected version(s) >=6.8.5.401 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-openmp-arm64 (NUGET):

Affected version(s) >=8.6.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q8-arm64 (NUGET):

Affected version(s) >=8.6.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q8-anycpu (NUGET):

Affected version(s) >=6.8.8.1001 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q8-openmp-arm64 (NUGET):

Affected version(s) >=8.6.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-x86 (NUGET):

Affected version(s) >=6.8.5.401 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-anycpu (NUGET):

Affected version(s) >=6.8.8.1001 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-hdri-arm64 (NUGET):

Affected version(s) >=8.6.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q16-arm64 (NUGET):

Affected version(s) >=8.6.0 <14.12.0

Fix Suggestion:

Update to version 14.12.0

magick.net-q8-x86 (NUGET):

Affected version(s) >=6.8.5.401 <14.12.0

Fix Suggestion:

Update to version 14.12.0

Related Resources (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-46693

https://github.com/ImageMagick/ImageMagick

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92

Do you need more information?

CVSS v4

Base Score:

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Unsynchronized Access to Shared Data in a Multithreaded Context

CWE-567

EPSS

Base Score:

0.01