CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/26 2:57 p.m.•3 views

CVE-2026-26832

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to childprocess.exec...

Packet Storm•added 2026/03/26 12:0 a.m.•141 views

Exploits3References1

📄 node-tesseract-ocr 2.2.1 Command Injection

node-tesseract-ocr through version 2.2.1 allows OS command injection in recognize in src/index.js. The package builds a shell command string and executes it with childprocess.exec. Because the input path is only wrapped in double quotes, an attacker can inject shell syntax through a crafted file...

vulnersOsv•added 2026/03/25 6:45 p.m.•6 views

@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +85 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)

node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: SNYK:JS-NODETESSERACTOCR-15874141...

Snyk•added 2026/03/25 6:45 p.m.•3 views

Command Injection

Overview node-tesseract-ocr is an A Node.js wrapper for the Tesseract OCR API Affected versions of this package are vulnerable to Command Injection via the recognize function. An attacker can execute arbitrary system commands by supplying crafted input to the file path parameter, which is...

9.8CVSS6.1AI score0.00278EPSS

Exploits3References2

OSV•added 2026/03/25 6:31 p.m.•3 views

GHSA-8J44-735H-W4W2 node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter

Github Security Blog•added 2026/03/25 6:31 p.m.•3 views

node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter

Exploits3References4Affected Software1

EUVD•added 2026/03/25 6:31 p.m.•3 views

EUVD-2026-15461

vulnersOsv•added 2026/03/25 6:31 p.m.•5 views

Exploits3References5

@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +85 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)

NVD•added 2026/03/25 4:16 p.m.•4 views

CVE-2026-26832

9.8CVSS0.00278EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•4 views

PT-2026-27801

Name of the Vulnerable Software and Affected Versions node-tesseract-ocr versions through 2.2.1 Description The recognize function in src/index.js is susceptible to OS Command Injection due to insufficient input sanitization. Specifically, the file path parameter is incorporated into a shell...

9.8CVSS6.1AI score0.00278EPSS

Exploits3References10

Cvelist•added 2026/03/25 12:0 a.m.•21 views

CVE-2026-26832

9.8CVSS0.00278EPSS

CVE•added 2026/03/25 12:0 a.m.•9 views

CVE-2026-26832

node-tesseract-ocr ≤2.2.1 is vulnerable to OS command injection in recognize() because it builds a shell command string and passes it to child_process.exec() without sanitizing the file path. The vulnerable component is src/index.js (recognize()), affecting all versions up to 2.2.1. The input pat...

CNNVD•added 2026/03/25 12:0 a.m.•3 views

Tesseract 安全漏洞

Tesseract is an OCR image text recognition library developed by Nazim Gafarov for a Node.js platform. Versions of Tesseract 2.2.1 and earlier contained security vulnerabilities, which were caused by unvalidated file path parameters, potentially leading to OS command injection attacks...

Vulnrichment•added 2026/03/25 12:0 a.m.•0 views

CVE-2026-26832

GithubExploit•added 2026/03/24 4:15 p.m.•125 views

Exploit for CVE-2026-26832

CVE-2026-26832: OS command injection in node-tesseract-ocr...

6AI score0.00278EPSS