Fix Intervention Image — CVE-2021-26732 HIGH

Fix CVE-2021-26732 (HIGH) in Intervention Image for PHP. Paste your composer.json into PackageFix and get a patched version — no CLI, no signup. XSS via malicious image metadata in EXIF data.

⚠ Vulnerability

CVE-2021-26732 (HIGH) — XSS via malicious image metadata in EXIF data in Intervention Image below ^3.7.

Vulnerable — composer.json

"intervention/image": "^2.7"

Fixed — composer.json

"intervention/image": "^3.7"

✓ Fix

Update Intervention Image to ^3.7 and run composer install.

Paste your manifest — get back a fixed version with all CVEs patched in seconds.


CVE Details

Field | Value
CVE ID | CVE-2021-26732
Severity | HIGH
Package | Intervention Image (PHP)
Safe version | ^3.7
CISA KEV |
Description | XSS via malicious image metadata in EXIF data

Frequently Asked Questions

What is CVE-2021-26732?
CVE-2021-26732 is a HIGH severity vulnerability in Intervention Image (PHP) that allows XSS via malicious image metadata in EXIF data. Update to ^3.7 or later.

How do I fix CVE-2021-26732 in Intervention Image?
Update Intervention Image to version ^3.7 in your composer.json and run composer install.

Is CVE-2021-26732 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.

How do I verify the fix for CVE-2021-26732?
After updating, paste your composer.json into PackageFix again. If CVE-2021-26732 no longer appears in the CVE table, the fix is applied.
