CVE-2026-4755
Published: 24 March 2026
Description
CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses remediation by requiring timely patching of the improper input validation flaw in Android-ImageMagick7 prior to version 7.1.2-11.
Enforces comprehensive input validation for image data processed by the vulnerable library, countering the core CWE-20 improper input validation issue.
Vulnerability scanning identifies the presence of CVE-2026-4755 in system components, enabling targeted remediation.
Security SummaryAI
CVE-2026-4755 is a CWE-20 (Improper Input Validation) vulnerability in the MolotovCherry Android-ImageMagick7 library. This issue affects versions of Android-ImageMagick7 prior to 7.1.2-11. The vulnerability carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its potential for high impact on confidentiality, integrity, and availability.
Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Successful exploitation allows unauthenticated adversaries to achieve high-impact effects, including unauthorized access to sensitive data, modification of system resources, and disruption of service.
Mitigation is addressed in the referenced GitHub pull request at https://github.com/MolotovCherry/Android-ImageMagick7/pull/193, which corresponds to the release of version 7.1.2-11. Security practitioners should update affected Android-ImageMagick7 installations to this version or later to remediate the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows remote, unauthenticated attackers to exploit a public-facing application component (ImageMagick library) over the network with no user interaction, directly mapping to T1190: Exploit Public-Facing Application.