Vulnerabilities

CVE-2026-26830

by Fred · 25/03/2026

pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec()

More information : https://github.com/mooz/node-pdf-image

Similar

Tags: Cybersecurity Alert