ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers

https://hackread.com/imagemagick-zero-day-rce-linux-wordpress-servers/

Publish Date: 2026-04-01 06:56:00

Source Domain: hackread.com

A widespread security crisis has hit ImageMagick, the widely used software tool that millions of websites rely on to process and resize images. This discovery, made by Octagon Networks using their autonomous engine pwn.ai, reveals that simply uploading a specially crafted picture, even a standard .jpg, could allow hackers to achieve Remote Code Execution (RCE) and take complete control of a web server.

Most websites use ImageMagick for the technical heavy lifting of image processing. Security systems usually check file extensions such as .png for safety, but researchers found that ImageMagick looks deeper, into a file’s internal contents. By using a technique they called a magic byte shift, an attacker can disguise a dangerous script as a harmless photo.
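A defender-side pre-filter for the extension-versus-content gap described above, as an added example that is not from the article or from Octagon Networks: it accepts an upload only when its leading bytes match the signature for its extension and no PostScript, PDF or XML header appears near the start. The function name, allowlist, marker list and 4096-byte window are assumptions, and the sample bytes are constructed.

```python
import os

# Leading-byte signatures for the raster formats this uploader accepts
# (assumed allowlist; extend it only with formats you really need).
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Headers of formats that are interpreted rather than decoded: PostScript/EPS,
# PDF, and XML (MSL and SVG are XML-based). The list is an assumption.
SCRIPT_MARKERS = (b"%!ps", b"%pdf-", b"<?xml")

SCAN_WINDOW = 4096  # assumed: how far into the file to look for a displaced header


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file's name and raw bytes."""
    ext = os.path.splitext(filename)[1].lower()
    signatures = ALLOWED.get(ext)
    if signatures is None:
        return False, "extension-not-allowed"
    # The content must start with a signature belonging to the claimed extension.
    if not data.startswith(signatures):
        return False, "content-does-not-match-extension"
    # Strict rule: reject if an interpreter-format header sits anywhere in the window.
    head = data[:SCAN_WINDOW].lower()
    for marker in SCRIPT_MARKERS:
        if marker in head:
            return False, "script-marker-in-header"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: header bytes only, no real image or script body.
    samples = [
        ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
        ("photo.jpg", b"%!PS-Adobe-3.0\n"),
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"%!PS-Adobe-3.0\n"),
        ("page.eps", b"%!PS-Adobe-3.0 EPSF-3.0\n"),
    ]
    for name, blob in samples:
        print(name, check_upload(name, blob))
```

The check narrows what ImageMagick is asked to parse; it does not change how ImageMagick or GhostScript handle a file once they receive it.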

“pwn.ai identified ImageMagick as the primary attack vector. Given there was nothing else on the application, the agent did something unusual: it downloaded ImageMagick into its own sandboxed environment and began a multi-day, systematic audit of the entire processing pipeline,” researchers wrote in the blog post.

According to Octagon Networks’ research, the software is far too trusting of these hidden characters, allowing hackers to bypass security rules entirely. The problem is worsened because ImageMagick often acts as a middleman, handing complex files to a secondary tool called GhostScript.

Further investigation revealed that even when the main software was told to block certain files, it still passed them to GhostScript to execute malicious commands. This allows an attacker to read private passwords or write new files to create a permanent backdoor.

Furthermore, attackers can use the Magick Scripting Language (MSL) to escape security sandboxes and move files anywhere on a computer’s hard drive. This discovery affects almost every major Linux distribution, including Ubuntu 22.04, Debian, and Amazon Linux. Even the most…
