CVE-2026-3102 | exiftool up to 13.49 on macOS PNG File Parser MacOS.pm SetMacOSTags DateTimeOriginal os command injection

Inserito da Angelo Barbosa | Feb 24, 2026 | CVE

A vulnerability was found in exiftool up to 13.49 on macOS. It has been classified as critical. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection.

This vulnerability is tracked as CVE-2026-3102. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Upgrading the affected component is recommended.

CVE-2026-3102 | exiftool up to 13.49 on macOS PNG File Parser MacOS.pm SetMacOSTags DateTimeOriginal os command injection

Post correlati

CVE-2024-58264 | CosmWasm serde-json-wasm Crate up to 1.0.0 on Rust Deeply Nested JSON Data recursion (RUSTSEC-2024-0012)

CVE-2025-9704 | SourceCodester Water Billing System 1.0 /viewbill.php ID sql injection

CVE-2025-15129 | ChenJinchuang Lin-CMS-TP5 up to 0.3.3 File Upload LocalUploader.php upload code injection

CVE-2024-35646 | Smartarget Message Bar Plugin up to 1.3 on WordPress cross site scripting