CVE-2026-26832 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js…
Critical CVSS: 9.8

CVE-2026-26832

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec() without proper sanitization
Vendor
-
Product
-
CWE
CWE-78
Yayın Tarihi
2026-03-25 16:16:21
Güncelleme
2026-03-26 15:13:15
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-78 CRITICAL 2026

Referanslar

https://github.com/zapolnoch/node-tesseract-ocr https://github.com/zapolnoch/node-tesseract-ocr/blob/master/src/index.js https://github.com/zebbernCVE/CVE-2026-26832 https://www.npmjs.com/package/node-tesseract-ocr