CVE-2026-26832
Description
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec() without proper sanitization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In all versions through 2.2.1, the recognize() function in node-tesseract-ocr concatenates a file path into a shell command without sanitization, enabling OS command injection.
Vulnerability
Description
The recognize() function in src/index.js of the node-tesseract-ocr npm package (all versions through 2.2.1) is vulnerable to OS command injection [1][4]. The function constructs a shell command by joining elements such as the Tesseract binary path, input options, and the user-supplied file path into a single string with a space separator. This string is then passed to child_process.exec(), which runs it through a shell interpreter [1][2]. The file path parameter is not sanitized; it is only wrapped in double quotes, which is insufficient to prevent shell metacharacter injection [4].
Exploitation
An attacker who can control the file path argument supplied to recognize()—for example, by providing a crafted image filename or URL path—can break out of the quoted string and inject arbitrary shell commands [4]. The official advisory demonstrates that a path such as test.jpg"; touch /tmp/pwned; echo "x successfully executes the injected command [4]. No authentication is required, and the attack can be performed remotely if the application accepts untrusted file paths from users. The CVSS 3.1 base score is 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [4].
Impact
Successful exploitation grants an attacker the ability to execute arbitrary operating system commands in the context of the Node.js process [1][4]. This can lead to full compromise of the host system, including data exfiltration, installation of malware, or further lateral movement within the network.
Mitigation
As of the publication date, no patched version of the npm package has been released [4]. The project is not actively maintained, so users should treat all user-supplied paths as untrusted. A secure workaround is to avoid using child_process.exec() altogether; instead, use child_process.execFile() or spawn() with explicit argument arrays to prevent shell interpretation [4]. Alternatively, organizations may switch to a maintained OCR wrapper or invoke Tesseract directly from their own code with proper input validation [3][4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| node-tesseract-ocr (npm) | <= 2.2.1 | — |
Affected products
- node-tesseract-ocr/node-tesseract-ocr
- Range: <=2.2.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.