Critical ExifTool Vulnerability (CVE-2026-3102) Threatens macOS Systems

Critical ExifTool Vulnerability (CVE-2026-3102) Threatens macOS Systems

First seen 20 May 2026, 09:55 UTC Securelistnvd.nist.govGbhackersCybersecuritynews 85% similarity 72.6

Article Content

Browse articles
ThreatCluster

A severe vulnerability in ExifTool (CVE-2026-3102) allows attackers to execute arbitrary shell commands on macOS systems by embedding malicious instructions in image file metadata. Discovered by Kaspersky's GReAT in February 2026, this flaw affects ExifTool versions 13.49 and earlier. Exploitation requires the use of the -n flag, enabling command injection via the SetMacOSTags function. The vulnerability has been publicly disclosed and poses a significant risk as it can be exploited remotely. Users are advised to upgrade to ExifTool version 13.50 to mitigate this risk. The flaw is linked to a previous vulnerability (CVE-2021-22204), showcasing ongoing issues with input validation in ExifTool. The potential for full system compromise makes this a critical security concern for macOS users.

Key Points: • CVE-2026-3102 allows remote command execution on macOS via ExifTool. • The vulnerability affects ExifTool versions 13.49 and earlier, patched in 13.50. • Attackers can exploit this flaw by embedding malicious commands in image metadata.

ThreatCluster AI

Timeline

2021-04-23
CVE-2021-22204 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-24
CVE-2026-3102 published
A vulnerability in ExifTool was disclosed, allowing command injection through image metadata.
nvd.nist.gov
2026-05-20
Public disclosure of exploitation details
Kaspersky's GReAT detailed the vulnerability's impact and exploitation methods in their report.
Securelist
2026-05-20
Patch released for ExifTool
ExifTool developers released version 13.50 to address CVE-2026-3102, urging users to upgrade.
nvd.nist.gov

Community

Browse all →