CVE-2026-43893 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: May 11, 2026
exiftool-vendored - Command Injection
Published: May 11, 2026 | Updated: May 11, 2026 | PoC Available | Remote Exploitable
Overview
exiftool-vendored < 35.19.0 contains an argument injection vulnerability caused by improper sanitization of caller-supplied strings passed as ExifTool arguments. An attacker can inject arguments to read or write files accessible to the ExifTool process. Exploitation requires attacker-controlled input.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Attackers can read or write files accessible to the ExifTool process, potentially leading to information disclosure or data tampering.
Mitigation
Update to version 35.19.0 or later.
Details
- CVE ID: CVE-2026-43893
- Severity: High
- CVSS Score: 8.2
- Type: command_injection
- Status: new
CWE
- CWE-88
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N