What is the CVSS score of CVE-2026-46523?

CVE-2026-46523 has a CVSS 3.1 base score of 6.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2026-46523?

Yes, a patch is available for CVE-2026-46523. Update the affected software to the latest version immediately.

Magick.NET CVE-2026-46523

MEDIUM

Use After Free (CWE-416)

2026-05-18 https://github.com/ImageMagick/ImageMagick

GHSA-5r4x-w6p5-222q

Information Disclosure Use After Free Memory Corruption

6.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Source Code Evidence Fetched

May 18, 2026 - 21:33 vuln.today

Analysis Generated

May 18, 2026 - 21:33 vuln.today

DescriptionNVD

A crafted MSL image can trigger a heap-use-after-free.

AnalysisAI

Heap-use-after-free in Magick.NET's MSL (Magick Scripting Language) decoder causes a denial-of-service condition when processing a crafted MSL image file. All Magick.NET NuGet package variants across Q16, Q16-HDRI, and multi-architecture builds prior to version 14.13.1 are affected. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-46523 vulnerability details – vuln.today

Back

Magick.NET CVE-2026-46523

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code