Zero Day Monitor (ZDM)
5.5
CVE-2026-55628 · EXPLOITED · PATCHED
red hat · ansible

ImageMagick: Policy Bypass in concatenate operation due to missing checks

Description

A vulnerability classified as problematic has been found in ImageMagick up to 7.1.2-25. Affected by this vulnerability is an unknown functionality of the component Security Policy Handler. This manipulation causes file inclusion. This vulnerability is handled as CVE-2026-55628. The attack can be initiated remotely.

Affected Products

Vendor | Product | Versions
red hat | ansible | < 7.1.2-26, 7.1.2-25

References

  • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-82mp-vp5c-9pf7 (x_refsource_CONFIRM)

Related News (15 articles)

Tier C · VulDB · 1d ago
CVE-2026-55628 | ImageMagick up to 7.1.2-25 Security Policy file inclusion (GHSA-82mp-vp5c-9pf7)
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible Tower: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows privilege escalation
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Multiple vulnerabilities
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [low] Ansible: Vulnerability allows information disclosure
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [low] Ansible: Vulnerability allows insecure creation of temporary files
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Ansible: Vulnerability allows file manipulation
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [high] Ansible: Multiple vulnerabilities allow execution of arbitrary code
→ No new info (linked only)
Tier B · BSI Advisories · 25d ago
[UPDATE] [medium] Red Hat Enterprise Linux Virtualization (Ansible): Vulnerability allows information disclosure
→ No new info (linked only)

CVSS 3.1: 5.5 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 7.1.2-26
CWE: CWE-73, CWE-862, CWE-377
Published: Jul 1, 2026
Last enriched: 1d ago (v2)
Tags: insecure temporary file, local attack, ansible, information disclosure, privilege escalation, Ansible Tower, remote code execution, authenticated attack, multiple vulnerabilities
Trending Score: 52
Source articles: 15
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

NONE · CVE-2026-14258 · EXP
Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
Trending: 59
HIGH · CVE-2026-12505 · EXP
Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
Trending: 39
NONE · CVE-2026-54369 · EXP
acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
Trending: 37
NONE · CVE-2026-58013 · EXP
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
Trending: 36
NONE · CVE-2026-12388 · EXP
Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper
Trending: 35

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jul 1, 2026
Discovered by ZDM: Jul 1, 2026
Actively Exploited: Jul 1, 2026
Exploit Available: Jul 1, 2026
Patch Available: Jul 1, 2026
Updated (description, affectedVersions, severity, activelyExploited, patchAvailable): Jul 1, 2026

Version History

v2 · Tier C · 1d ago (via VulDB)

Updated description with new details, changed affected versions to include 7.1.2-25, updated severity to HIGH, and noted that the vulnerability is actively exploited.

description, affectedVersions, severity, activelyExploited, patchAvailable

v1 · 1d ago

Initial creation