Vulnerability Description
Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media: before v1.0.
Related Weaknesses (CWE)
References
- https://github.com/liuyueyi/quick-media/pull/122
- https://github.com/css4j/echosvg/discussions/137
- https://github.com/github/advisory-database/pull/7437
- https://github.com/liuyueyi/quick-media/pull/122#issuecomment-4305453193
FAQ
What is CVE-2026-24806?
CVE-2026-24806 is a documented vulnerability. Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). Thi...
How severe is CVE-2026-24806?
CVSS scoring is not yet available for CVE-2026-24806. Check NVD for updates.
Is there a patch for CVE-2026-24806?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.