## https://sploitus.com/exploit?id=PACKETSTORM:217865
# CVE-2026-26832: OS command injection in node-tesseract-ocr
## Summary
`node-tesseract-ocr` through version `2.2.1` allows OS command
injection in `recognize()` in `src/index.js`. The package builds a
shell command string and executes it with `child_process.exec()`.
Because the input path is only wrapped in double quotes, an attacker
can inject shell syntax through a crafted file path.
## Affected product
| Product | Affected versions | Fixed version |
| --- | --- | --- |
| node-tesseract-ocr | all versions through 2.2.1 | no fix available as of 2026-03-24 |
## Vulnerability details
- CVE ID: `CVE-2026-26832`
- CWE: `CWE-78` - OS Command Injection
- CVSS 3.1: `9.8` (`Critical`)
- Vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
- Affected component: `src/index.js`, `recognize()`
The vulnerable pattern is:
```js
const command = [binary, inputOption, "stdout", ...options].join(" ");
exec(command, ...);
```
That command string inherits shell parsing. A malicious file path can
break out of the quoted argument.
## Technical impact
Applications that run OCR on user-supplied images can expose the host
system to command execution if they pass untrusted paths into
`recognize()`.
## Proof of concept
```text
test.jpg"; touch /tmp/pwned; echo "x
```
## Mitigation
No fixed npm release is available at the time of writing.
If you still depend on this package:
1. Treat input paths as untrusted.
2. Stop building shell command strings with `join(" ")`.
3. Use `execFile()` or `spawn()` with explicit arguments.
4. Move to a maintained wrapper or call Tesseract safely from your own
code.
## References
- https://www.npmjs.com/package/node-tesseract-ocr
- https://github.com/zapolnoch/node-tesseract-ocr
- https://github.com/zapolnoch/node-tesseract-ocr/blob/master/src/index.js