Dbashford

dbashford

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Textract

textract

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-26831 1Dbashford 1Textract Mar 30, 2026 Mar 25, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in...Show more textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitizationShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2026-26831

1Dbashford

1Textract

Mar 30, 2026

Mar 25, 2026

N/A· v4

9.8 CRITICAL· v3

N/A· v2

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in...Show more