CVE-2026-4755
Input Validation Flaw in Android-ImageMagick7 Before
Publication date: 2026-03-24
Last updated on: 2026-03-26
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| molotovcherry | android-imagemagick7 | to 7.1.2-11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4755 is a remote code execution vulnerability in the OpenBlob function of a cloned version of ImageMagick used in the MolotovCherry Android-ImageMagick7 project. The issue arises because the cloned code did not receive a critical security patch that was applied to the original ImageMagick repository. This flaw allows an attacker to execute arbitrary shell commands via the OpenBlob function when ImageMagick is configured with the --enable-pipes option.
The vulnerability is caused by improper input validation (CWE-20) leading to shell command injection. A security patch from the original ImageMagick repository was backported to fix this issue in the cloned codebase, eliminating the risk of remote code execution.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an attacker to remotely execute arbitrary shell commands on the affected system without any privileges or user interaction. This can lead to full system compromise, data theft, data corruption, or disruption of services.
Because the vulnerability affects a widely used image processing library in an Android project, any application or system using the vulnerable version before 7.1.2-11 could be exploited remotely, potentially leading to unauthorized access and control over the device or server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a remote code execution issue in the OpenBlob function of the MolotovCherry Android-ImageMagick7 project before version 7.1.2-11, caused by shell command injection when configured with the --enable-pipes option.'}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you should first identify if you are running a version of Android-ImageMagick7 prior to 7.1.2-11.'}, {'type': 'paragraph', 'content': 'You can check the version of the installed ImageMagick library or the MolotovCherry Android-ImageMagick7 package by running commands such as:'}, {'type': 'list_item', 'content': 'For checking ImageMagick version: `convert --version` or `magick --version`'}, {'type': 'list_item', 'content': 'For checking package version on Android or Linux systems: `dpkg -l | grep android-imagemagick7` or `rpm -qa | grep android-imagemagick7`'}, {'type': 'paragraph', 'content': "Additionally, monitoring logs for suspicious shell command executions or unexpected behavior related to ImageMagick's OpenBlob function could help detect exploitation attempts."}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the MolotovCherry Android-ImageMagick7 package to version 7.1.2-11 or later, which includes the security patch that fixes the shell command injection vulnerability in the OpenBlob function.
If an immediate update is not possible, consider disabling or avoiding the use of the --enable-pipes option in ImageMagick configurations, as this option is related to the vulnerability.
Also, restrict access to the vulnerable service or application to trusted users and networks to reduce the risk of exploitation.
Monitor system logs for any suspicious activity related to ImageMagick usage and consider applying any available vendor or community patches that backport the fix.