1.13.1 release notes

RSS

Nutrient Web SDK 1.13.1 is a security patch that updates the vendored libpng dependency from 1.6.55 to 1.6.56, addressing two high-severity CVEs. See the changelog for full details.

Security

This release resolves the following vulnerabilities in libpng:

CVE-2026-33416 (CVSS 7.5) — A denial-of-service vulnerability in libpng 1.6.55.
CVE-2026-33636 (CVSS 7.6) — A potentially exploitable vulnerability in libpng 1.6.55.

Both are resolved by updating to libpng 1.6.56. No API changes or migration steps are required.

1.13.1 release notes

Security

Was this helpful?

Help us improve

Thank you for your feedback!

Something went wrong. Please try again or let us know.