HIGH

ExifTool CVE-2026-3102: Malicious Image File Triggers macOS Compromise

· cve · vulnerability · rce · macos

Kaspersky GReAT published an analysis of CVE-2026-3102, a flaw in ExifTool that allows attackers to compromise macOS systems when a user processes a specially crafted image file. ExifTool is widely used for media metadata handling in CMS platforms, CI/CD pipelines, and developer tooling.

The vulnerability is particularly dangerous in environments where images from untrusted sources are automatically processed — upload systems, media ingestion workflows, or build pipelines that parse image metadata. macOS users and organizations running automated ExifTool pipelines should apply available patches immediately and restrict processing of untrusted image input.