Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
ImageMagick Exposes Sensitive Information to Unauthenticated Users
UBUNTU-CVE-2026-28691
Summary
ImageMagick, a popular image editing and manipulation software, stores sensitive information, such as configuration settings and filenames, in a file that can be accessed by unauthorized users. This could allow attackers to gain insight into the system and potentially exploit other vulnerabilities. To mitigate this issue, ensure that the sensitive file is not accessible to untrusted users or update to the latest version of ImageMagick.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | imagemagick | All versions | – |
| canonical | imagemagick | All versions | – |
| canonical | imagemagick | All versions | – |
| canonical | imagemagick | All versions | – |
| canonical | imagemagick | All versions | – |
| canonical | imagemagick | All versions | – |
| canonical | imagemagick | All versions | – |
Original title
(ImageMagick is free and open-source software used for editing and mani ...)
Original description
(ImageMagick is free and open-source software used for editing and mani ...)
- https://ubuntu.com/security/CVE-2026-28691 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-28691 Third Party Advisory
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026