CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS

CVE-2026-3102 in ExifTool's SetMacOSTags lets a crafted image execute shell commands on macOS; the flaw is patched in ExifTool 13.50 after Kaspersky disclosure.

    A single JPEG with poisoned metadata can run arbitrary commands on any Mac that processes it with ExifTool 13.49 or earlier. ExifTool is embedded in millions of image-processing pipelines, CMS platforms, and CI/CD workflows that organizations often don't realize they're running.

    CVE-2026-3102: Kaspersky GReAT Discloses Metadata Injection in ExifTool’s SetMacOSTags Function

    Kaspersky’s Global Research and Analysis Team disclosed CVE-2026-3102, a command injection vulnerability in ExifTool’s SetMacOSTags function that allows a specially crafted image file to execute arbitrary shell commands with user-level privileges on macOS systems running ExifTool 13.49 or earlier. The vulnerability was discovered by Kaspersky in February 2026 and patched in ExifTool 13.50 following coordinated disclosure. No active in-the-wild exploitation was reported at the time of disclosure.

    How DateTimeOriginal Metadata Becomes a Shell Injection Vector

    The vulnerability lies in how ExifTool passes the DateTimeOriginal metadata tag value to the macOS file-tagging utility /usr/bin/setfile. The tag value is interpolated, unsanitized, into a single-quoted argument of a shell command string. A value that itself contains a single quote therefore closes that argument early, and the shell parses whatever follows as additional commands. When ExifTool processes the malicious image and invokes setfile with the crafted tag, the injected commands execute with the privileges of the user running ExifTool.
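    The injection shape described above, re-created in Python as an added illustration. This is not ExifTool's Perl code: it models a date/time tag value interpolated into a single-quoted shell argument for /usr/bin/setfile, shows how a quote inside the value splits the command apart, and contrasts two safe forms (an argv list that never reaches a shell, and shlex.quote escaping). The crafted value, the path, and the date-format regex are constructed assumptions for the example; nothing here runs setfile, since tokenising the command line stands in for executing it.

```python
"""Re-creation of the injection shape described for CVE-2026-3102.

Added illustration in Python, not ExifTool's Perl code. It models a tag
value interpolated into a single-quoted shell argument for /usr/bin/setfile,
shows how a quote in the value breaks the command apart, and contrasts two
safe forms. Nothing here executes setfile; tokenising stands in for a shell.
"""
import re
import shlex
import subprocess

SETFILE = "/usr/bin/setfile"

# Constructed attacker value for a date/time tag: closes the quoted argument,
# appends a command, then re-opens a quote so the rest of the line stays valid.
CRAFTED_DATE = "2026:02:01 12:00:00'; touch /tmp/pwned; echo '"
BENIGN_DATE = "2026:02:01 12:00:00"

# Assumption for this example: ExifTool-style "YYYY:MM:DD HH:MM:SS" with an
# optional fractional second and zone suffix; anything else is rejected.
EXIF_DATE_RE = re.compile(
    r"^\d{4}:\d{2}:\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?(?:[+-]\d{2}:\d{2}|Z)?$"
)


def vulnerable_command(date_value: str, path: str) -> str:
    """The unsafe pattern: string interpolation inside single quotes, then
    handed to a shell. It silently trusts the value to contain no quote."""
    return f"{SETFILE} -d '{date_value}' '{path}'"


def shell_tokens(cmd: str) -> list:
    """Split a command line the way a POSIX shell does, reporting ';', '|'
    and '&' as separate operator tokens so injected commands are visible."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=";|&")
    lexer.whitespace_split = True
    return list(lexer)


def quoted_shell_command(date_value: str, path: str) -> str:
    """Safe form 1: shell-escape every interpolated value.
    shlex.quote turns an embedded ' into '"'"' so it stays data."""
    return f"{SETFILE} -d {shlex.quote(date_value)} {shlex.quote(path)}"


def setfile_argv(date_value: str, path: str) -> list:
    """Safe form 2 (preferred): validate the value and build an argv list.
    Passed to subprocess without shell=True, no shell ever parses it."""
    if not EXIF_DATE_RE.match(date_value):
        raise ValueError(f"rejected date value: {date_value!r}")
    return [SETFILE, "-d", date_value, path]


def run_setfile(date_value: str, path: str) -> subprocess.CompletedProcess:
    """macOS only: actually apply the date. List form, no shell involved."""
    return subprocess.run(setfile_argv(date_value, path), check=True)


if __name__ == "__main__":
    path = "/Users/demo/upload.jpg"
    print("vulnerable:", shell_tokens(vulnerable_command(CRAFTED_DATE, path)))
    print("quoted:    ", shell_tokens(quoted_shell_command(CRAFTED_DATE, path)))
    try:
        setfile_argv(CRAFTED_DATE, path)
    except ValueError as err:
        print("validated: ", err)
```

    Run stand-alone, the vulnerable tokenisation shows the date value ending at the first quote followed by `;`, `touch`, `/tmp/pwned` as separate shell words, while both safe forms keep the whole crafted string as a single argument. In Perl the equivalent of the argv form is `system` with a list of more than one element, which bypasses the shell entirely; validating the value against the expected date grammar before it reaches any command is the additional defence worth keeping regardless of which call is used.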

    The attack vector is any workflow where user-supplied image files are processed by ExifTool on a macOS system. This includes web application file upload forms, automated media processing pipelines, shared storage environments where untrusted images may be ingested, and manual processing of images received from untrusted sources.

    ExifTool’s Pervasive Embedding in Pipelines and CMS Platforms

    The breadth of ExifTool deployment makes CVE-2026-3102 consequential beyond direct ExifTool users. The library is embedded in CMS platforms including WordPress and Drupal media handlers, photo management software including Lightroom plugins and Darktable, CI/CD workflows that process user-uploaded media, and custom scripts across web development and digital forensics environments. Many organizations process images through ExifTool without knowing it, because the library operates as a silent dependency inside tools and platforms they rely on for routine work.

    The macOS-specific nature of this vulnerability stems from SetMacOSTags calling /usr/bin/setfile, a utility that exists only on macOS. Linux and Windows systems are not vulnerable through this specific code path. However, the attack surface on macOS is broad: any Mac running an image-processing application or pipeline that incorporates ExifTool 13.49 or earlier is exposed if it processes untrusted images.

    ExifTool Exploitation History Accelerates Patching Urgency

    ExifTool vulnerabilities have a documented track record of rapid weaponization following public disclosure. CVE-2021-22204, a prior ExifTool remote code execution flaw, was exploited in the wild within days of its 2021 release to compromise servers through image uploads. With the coordinated disclosure window for CVE-2026-3102 already spent, that history is the relevant urgency signal: organizations that have not yet patched to ExifTool 13.50 are operating with a known, documented injection path in a component attackers have weaponized before.

    Patching CVE-2026-3102 and Auditing ExifTool Exposure

    The patch is available in ExifTool 13.50. Organizations running macOS systems with any image-processing workflow should verify the ExifTool version in use across both directly installed instances and embedded dependencies in CMS platforms, media management software, and automated pipelines. Applications that rely on ExifTool as a dependency may require their own updates to pull in the patched library version rather than the vulnerable one.
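    One way to carry out that audit, as an added example for this article rather than a tool from ExifTool or Kaspersky: the script below checks the exiftool command on PATH (its -ver option prints the version) and walks directory trees for embedded copies of Image/ExifTool.pm, whose `$VERSION = '...';` line identifies library copies bundled inside applications, CMS installs and pipeline images that never appear on PATH. The default search roots are an assumption about a typical macOS layout, and the sample tree built by demo() is constructed data.

```python
"""Audit for ExifTool copies older than 13.50 (the CVE-2026-3102 fix).

Added example for this article, not a tool from ExifTool or Kaspersky.
It checks the exiftool on PATH (`exiftool -ver` prints the version) and walks
directory trees for embedded copies of Image/ExifTool.pm, whose
`$VERSION = '...';` line identifies bundled library copies. The default
roots are an assumption about a typical macOS layout.
"""
import os
import re
import shutil
import subprocess
import tempfile
from typing import List, Optional, Tuple

FIXED_VERSION = "13.50"
VERSION_LINE_RE = re.compile(r"^\s*\$VERSION\s*=\s*'(\d+\.\d+)'\s*;", re.MULTILINE)

# Assumed search roots for a macOS host; extend with your own app and CI paths.
DEFAULT_ROOTS = ["/usr/local", "/opt/homebrew", "/Applications",
                 "/Library/Perl", "/System/Library/Perl", os.path.expanduser("~")]


def parse_version(version: str) -> Tuple[int, int]:
    """ExifTool versions are MAJOR.MINOR with a two-digit minor (e.g. 13.49)."""
    major, minor = version.strip().split(".")
    return int(major), int(minor)


def is_vulnerable(version: str) -> bool:
    """True for 13.49 and every earlier release; False from 13.50 onward."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_pm_source(text: str) -> Optional[str]:
    """Pull the version out of ExifTool.pm source text."""
    m = VERSION_LINE_RE.search(text)
    return m.group(1) if m else None


def path_exiftool_version() -> Optional[str]:
    """Version of the exiftool command on PATH, or None if there is none."""
    exe = shutil.which("exiftool")
    if exe is None:
        return None
    proc = subprocess.run([exe, "-ver"], capture_output=True, text=True, timeout=30)
    return proc.stdout.strip() or None


def scan_tree(root: str) -> List[Tuple[str, str, bool]]:
    """Find every ExifTool.pm under root; return (path, version, vulnerable)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "ExifTool.pm" not in files:
            continue
        pm = os.path.join(dirpath, "ExifTool.pm")
        try:
            with open(pm, encoding="utf-8", errors="replace") as fh:
                ver = version_from_pm_source(fh.read())
        except OSError:
            continue
        if ver is not None:
            findings.append((pm, ver, is_vulnerable(ver)))
    return findings


def audit(roots=DEFAULT_ROOTS) -> List[Tuple[str, str, bool]]:
    """Combine the PATH check and the filesystem scan into one report."""
    report = []
    ver = path_exiftool_version()
    if ver is not None:
        report.append(("exiftool on PATH", ver, is_vulnerable(ver)))
    for root in roots:
        if os.path.isdir(root):
            report.extend(scan_tree(root))
    return report


def demo() -> List[Tuple[str, bool]]:
    """Constructed sample tree: one bundled 13.49 copy and one 13.50 copy."""
    with tempfile.TemporaryDirectory() as tmp:
        for app, ver in (("OldApp", "13.49"), ("NewApp", "13.50")):
            d = os.path.join(tmp, app, "lib", "Image")
            os.makedirs(d)
            with open(os.path.join(d, "ExifTool.pm"), "w") as fh:
                fh.write("package Image::ExifTool;\nuse strict;\n"
                         "use vars qw($VERSION);\n$VERSION = '%s';\n" % ver)
        return sorted((v, vuln) for _p, v, vuln in scan_tree(tmp))


if __name__ == "__main__":
    for where, ver, vuln in audit():
        print(f"{'VULNERABLE' if vuln else 'ok        '} {ver:>6}  {where}")
```

    A copy flagged here inside an application bundle or a vendored CMS dependency cannot be fixed by upgrading the command-line exiftool; that application needs its own update that carries 13.50 or later, which is the point made above about embedded dependencies.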

    For workflows that cannot immediately update, restricting the sources of images processed by ExifTool (blocking untrusted external images from entering automated pipelines) reduces the exploitable attack surface until the patch is applied.
