CVE-2026-26833

Critical CVSS: 9.8

thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping.
Vendor: Mmahrous
Product: Thumbler
CWE: CWE-78
Publication Date: 2026-03-25 16:16:21
Updated: 2026-03-30 13:28:03
Source Identifier: cve@mitre.org
KEV Date Added: -
