Magick.NET CVE-2026-46693
MEDIUMSeverity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (https://github.com/ImageMagick/ImageMagick).
CVSS VectorVendor: https://github.com/ImageMagick/ImageMagick
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met.
AnalysisAI
File descriptor hijacking in ImageMagick's distributed pixel cache server (magick -distribute-cache) exposes sensitive data via a race condition exploitable by a privileged local attacker. Affected are all Magick.NET NuGet packages across Q16, Q16-HDRI, OpenMP, and ARM64 variants prior to version 14.12.0. Successful exploitation yields high-confidentiality impact - an attacker can read file descriptors belonging to the server process - though no public exploit code exists and this is not currently listed in the CISA KEV catalog.
Technical ContextAI
ImageMagick's distributed pixel cache subsystem (invoked via magick -distribute-cache) offloads pixel cache I/O to a separate server process, enabling distributed image processing across nodes. The vulnerability stems from CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization), a classic race condition in which the server process does not atomically validate and assign file descriptors during connection handling. An attacker who establishes a connection to this service during a vulnerable timing window can manipulate the file descriptor table of the server process before synchronization completes. The affected packages are the .NET bindings (Magick.NET) that bundle the ImageMagick native libraries; all Q16 depth variants (standard, HDRI, OpenMP) and all CPU architectures (AnyCPU, x64, x86, arm64) are affected. CPE data confirms the scope spans: pkg:nuget/magick.net-q16-anycpu, pkg:nuget/magick.net-q16-hdri-anycpu, pkg:nuget/magick.net-q16-hdri-openmp-arm64, pkg:nuget/magick.net-q16-hdri-arm64, pkg:nuget/magick.net-q16-hdri-x64, pkg:nuget/magick.net-q16-hdri-x86, pkg:nuget/magick.net-q16-openmp-arm64, pkg:nuget/magick.net-q16-openmp-x64, pkg:nuget/magick.net-q16-arm64, and pkg:nuget/magick.net-q16-x64.
RemediationAI
Upgrade all Magick.NET NuGet package variants to version 14.12.0 or later; this is the vendor-released patch confirmed by the GHSA advisory at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92. If immediate upgrade is not feasible, the most effective compensating control is to disable or not expose the magick -distribute-cache service entirely - this feature is non-default and unnecessary for single-node image processing workloads; disabling it fully eliminates the attack surface with no functional impact for typical use cases. If the distributed cache is operationally required, restrict access to the service endpoint using host-based firewall rules or OS-level access controls to limit which accounts or processes can connect, thereby addressing the privilege and access vector preconditions. Note that network-level blocking alone is insufficient if the AV:L classification is accurate and the service is a local IPC endpoint - in that case, OS user/group permissions on the socket or pipe are the correct enforcement boundary.
Same weakness CWE-362 – Race Condition
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP6 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | Affected |
| SUSE Linux Enterprise Server 12 SP5 | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Affected |
| SUSE Linux Enterprise Server 15 SP4 | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE CaaS Platform 4.0 | Affected |
| SUSE Enterprise Storage 6 | Affected |
| SUSE Enterprise Storage 7 | Affected |
| SUSE Enterprise Storage 7.1 | Affected |
| SUSE Linux Enterprise Desktop 12 | Affected |
| SUSE Linux Enterprise Desktop 12 SP1 | Affected |
| SUSE Linux Enterprise Desktop 12 SP2 | Affected |
| SUSE Linux Enterprise Desktop 12 SP3 | Affected |
| SUSE Linux Enterprise Desktop 12 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 | Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP2 | Affected |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 | Affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP3 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Not-Affected |
| SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT | Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Affected |
| SUSE Linux Enterprise Server 12 | Affected |
| SUSE Linux Enterprise Server 12 SP1 | Affected |
| SUSE Linux Enterprise Server 12 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP2 | Affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | Affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP3 | Affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP4 | Affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | Affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 12-LTSS | Affected |
| SUSE Linux Enterprise Server 15 | Affected |
| SUSE Linux Enterprise Server 15 SP1 | Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP2 | Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP3 | Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server 15-LTSS | Affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Affected |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Affected |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Affected |
| SUSE Manager Proxy 4.0 | Affected |
| SUSE Manager Proxy 4.1 | Affected |
| SUSE Manager Proxy 4.2 | Affected |
| SUSE Manager Retail Branch Server 4.0 | Affected |
| SUSE Manager Retail Branch Server 4.1 | Affected |
| SUSE Manager Retail Branch Server 4.2 | Affected |
| SUSE Manager Server 4.0 | Affected |
| SUSE Manager Server 4.1 | Affected |
| SUSE Manager Server 4.2 | Affected |
| SUSE OpenStack Cloud 7 | Affected |
| SUSE OpenStack Cloud 8 | Affected |
| SUSE OpenStack Cloud 9 | Affected |
| SUSE OpenStack Cloud Crowbar 8 | Affected |
| SUSE OpenStack Cloud Crowbar 9 | Affected |
| openSUSE Leap 15.3 | Affected |
| openSUSE Leap 15.4 | Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.6 | Not-Affected |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-4g75-9r48-jf92