CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization.
Vendor
Product
CWE
Published Date
2026-03-25 16:16:21
Updated
2026-03-30 13:33:41
Source Identifier
cve@mitre.org
KEV Date Added
-
Categories
References
https://github.com/dbashford/textract
https://github.com/dbashford/textract/blob/master/lib/extractors/doc.js
https://github.com/dbashford/textract/blob/master/lib/extractors/rtf.js
https://github.com/dbashford/textract/blob/master/lib/util.js
https://github.com/zebbernCVE/CVE-2026-26831
https://www.npmjs.com/package/textract