GHSA-2rgj-gx5x-f62wMediumCVSS 4.1

ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model

Published
May 22, 2026
Last Modified
May 22, 2026

🔗 CVE IDs covered (1)

CVE-2026-47165

📋 Description

The distributed pixel cache was originally designed to operate without a challenge–response authentication model. However, given today’s heightened security expectations, we have changed our implementation.

🎯 Affected products17

  • nuget/Magick.NET-Q16-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-x64:< 14.12.0
  • nuget/Magick.NET-Q16-HDRI-x86:< 14.12.0
  • nuget/Magick.NET-Q16-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-OpenMP-x64:< 14.12.0
  • nuget/Magick.NET-Q16-arm64:< 14.12.0
  • nuget/Magick.NET-Q16-x64:< 14.12.0
  • nuget/Magick.NET-Q16-x86:< 14.12.0
  • nuget/Magick.NET-Q8-AnyCPU:< 14.12.0
  • nuget/Magick.NET-Q8-OpenMP-arm64:< 14.12.0
  • nuget/Magick.NET-Q8-OpenMP-x64:< 14.12.0
  • nuget/Magick.NET-Q8-arm64:< 14.12.0
  • nuget/Magick.NET-Q8-x64:< 14.12.0
  • nuget/Magick.NET-Q8-x86:< 14.12.0

🔗 References (2)