Product
exiftool-vendored is vulnerable to argument injection (CVE-2026-43893) via newline characters in tag names, potentially allowing attackers to read or write files accessible to the ExifTool process by injecting arguments through caller-supplied strings.