Securelist
Critical ExifTool Vulnerability (CVE-2026-3102) Threatens macOS Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A severe vulnerability in ExifTool (CVE-2026-3102) allows attackers to execute arbitrary shell commands on macOS systems by embedding malicious instructions in image file metadata. Discovered by Kaspersky's GReAT in February 2026, this flaw affects ExifTool versions 13.49 and earlier. Exploitation requires the use of the -n flag, enabling command injection via the SetMacOSTags function. The vulnerability has been publicly disclosed and poses a significant risk as it can be exploited remotely. Users are advised to upgrade to ExifTool version 13.50 to mitigate this risk. The flaw is linked to a previous vulnerability (CVE-2021-22204), showcasing ongoing issues with input validation in ExifTool. The potential for full system compromise makes this a critical security concern for macOS users.
Key Points: • CVE-2026-3102 allows remote command execution on macOS via ExifTool. • The vulnerability affects ExifTool versions 13.49 and earlier, patched in 13.50. • Attackers can exploit this flaw by embedding malicious commands in image metadata.