What is CVE-2026-21502?

CVE-2026-21502 is a medium-severity vulnerability in Internationalcolorconsortium Iccdev, classified under Improper Input Validation. CVSS score: 5.5/10. Published 2026-01-07.

How severe is CVE-2026-21502?

Medium severity. CVSS v3 base score is 5.5 out of 10.

NULL pointer dereference in Internationalcolorconsortium Iccdev

CVE-2026-21502

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (12.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Affected products

Internationalcolorconsortium Iccdev — versions < 2.3.1.2

Weakness classification (CWE)

References

https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-67r8-q3mh-42j6 (x_refsource_CONFIRM)
https://github.com/InternationalColorConsortium/iccDEV/issues/368 (x_refsource_MISC)
https://github.com/InternationalColorConsortium/iccDEV/pull/407 (x_refsource_MISC)
https://github.com/InternationalColorConsortium/iccDEV/commit/d04c236775e89a029f93efcc242fdb1fbc245a1c (x_refsource_MISC)
https://github.com/InternationalColorConsortium/iccDEV/commit/d9e42a1fb2606e25e498eb94f34f6da89f522e35 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-21502?: CVE-2026-21502 is a medium-severity vulnerability in Internationalcolorconsortium Iccdev, classified under Improper Input Validation. CVSS score: 5.5/10. Published 2026-01-07.
How severe is CVE-2026-21502?: Medium severity. CVSS v3 base score is 5.5 out of 10.