There is an arbitrary command execution vulnerability in the scriptfu network server console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run arbitrary operating-system commands and potentially take full control of the host.
6bb8abc35df548c551fcf9ff102ee8db444b1e273993fe8a725e91885c36da04