# CVE-2026-26832: OS command injection in node-tesseract-ocr

## Summary

`node-tesseract-ocr` through version `2.2.1` allows OS command injection in `recognize()` in `src/index.js`. The package builds a shell command string and executes it with `child_process.exec()`. Because the input path is only wrapped in double quotes, an attacker can inject shell syntax through a crafted file path.

## Affected product

| Product | Affected versions | Fixed version |
| --- | --- | --- |
| node-tesseract-ocr | all versions through 2.2.1 | no fix available as of 2026-03-24 |

## Vulnerability details

- CVE ID: `CVE-2026-26832`
- CWE: `CWE-78` - OS Command Injection
- CVSS 3.1: `9.8` (`Critical`)
- Vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
- Affected component: `src/index.js`, `recognize()`

The vulnerable pattern is:

```js
const command = [binary, inputOption, "stdout", ...options].join(" ");
exec(command, ...);
```

That command string inherits shell parsing, so a malicious file path can break out of the quoted argument.

## Technical impact

Applications that run OCR on user-supplied images can expose the host system to command execution if they pass untrusted paths into `recognize()`.

## Proof of concept

```text
test.jpg"; touch /tmp/pwned; echo "x
```

## Mitigation

No fixed npm release is available at the time of writing. If you still depend on this package:

1. Treat input paths as untrusted.
2. Stop building shell command strings with `join(" ")`.
3. Use `execFile()` or `spawn()` with explicit arguments.
4. Move to a maintained wrapper or call Tesseract safely from your own code.

## References

- https://www.npmjs.com/package/node-tesseract-ocr
- https://github.com/zapolnoch/node-tesseract-ocr
- https://github.com/zapolnoch/node-tesseract-ocr/blob/master/src/index.js