pdf-image npm Package Command Injection Vulnerability (CVE-2026-26830)
The pdf-image npm package through version 2.0.0 is vulnerable to OS command injection via the pdfFilePath parameter due to improper sanitization, potentially leading to arbitrary code execution.
The pdf-image npm package, up to version 2.0.0, contains a critical vulnerability (CVE-2026-26830) that allows for OS command injection. This vulnerability stems from the way the package handles user-provided file paths when processing PDF files. Specifically, the constructGetInfoCommand and constructConvertCommandForPage functions utilize util.format() to incorporate the pdfFilePath parameter directly into shell command strings. These commands are then executed using…
Detection coverage (2 rules)

Detect Suspicious PDF Image Command Execution (severity: critical)
Detects potential command injection attempts in the pdf-image library by monitoring for suspicious child processes spawned by node processes.

Detect Suspicious PDF Image Network Connection (severity: high)
Detects potential command injection attempts in the pdf-image library by monitoring for suspicious outbound network connections from node processes after PDF processing.
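The two rule descriptions above, worked through as detection logic over constructed process and network telemetry, as an added example: flag a process descended from node that is not one of the helpers pdf-image legitimately launches, and flag an outbound connection from a node process tree shortly after that tree ran a PDF tool. The event shape, the allowlist, the 60-second window and the sample records are assumptions for this illustration; this is not the platform's own rule logic, and real EDR or auditd records will differ.

```javascript
// Helpers pdf-image is expected to launch. Note that exec() always goes through
// sh -c, so a shell child of node is normal here; the signal is a grandchild the
// library never needs. Allowlist and window are assumptions for this example.
const PROCESS_ALLOWLIST = new Set(['node', 'sh', 'pdfinfo', 'convert', 'gs']);
const PDF_TOOLS = new Set(['pdfinfo', 'convert', 'gs']);
const NETWORK_WINDOW_SECONDS = 60;

// Constructed sample telemetry (not real data). t is seconds; pids are invented.
const SAMPLE_EVENTS = [
  { t: 100, type: 'process', pid: 501, ppid: 400, image: 'node', cmdline: 'node server.js' },
  // benign: pdf-image's normal pdfinfo call through sh
  { t: 101, type: 'process', pid: 502, ppid: 501, image: 'sh', cmdline: 'sh -c pdfinfo ...' },
  { t: 101, type: 'process', pid: 503, ppid: 502, image: 'pdfinfo', cmdline: 'pdfinfo /var/uploads/a.pdf' },
  // suspicious: a tool pdf-image never needs, descended from node, then a connection out
  { t: 105, type: 'process', pid: 504, ppid: 501, image: 'sh', cmdline: '[command omitted]' },
  { t: 105, type: 'process', pid: 505, ppid: 504, image: 'curl', cmdline: '[command omitted]' },
  { t: 106, type: 'network', pid: 505, dst: '203.0.113.5', dport: 443 },
  // unrelated node process with no PDF activity: its connection stays quiet
  { t: 110, type: 'process', pid: 600, ppid: 400, image: 'node', cmdline: 'node worker.js' },
  { t: 111, type: 'network', pid: 600, dst: '10.0.0.9', dport: 5432 },
];

// Walk the ppid chain to find the nearest node ancestor, if any.
function nodeAncestor(pid, byPid) {
  let cur = byPid.get(pid);
  while (cur) {
    if (cur.image === 'node') return cur;
    cur = byPid.get(cur.ppid);
  }
  return null;
}

// Single ordered pass over events; returns the alerts raised.
function detect(events) {
  const byPid = new Map();            // pid -> process event
  const lastPdfActivity = new Map();  // node pid -> time its tree last ran a PDF tool
  const alerts = [];
  for (const ev of events) {
    if (ev.type === 'process') {
      byPid.set(ev.pid, ev);
      const root = nodeAncestor(ev.ppid, byPid);
      if (!root) continue;
      if (PDF_TOOLS.has(ev.image)) lastPdfActivity.set(root.pid, ev.t);
      if (!PROCESS_ALLOWLIST.has(ev.image)) {
        alerts.push({ severity: 'critical', rule: 'Suspicious PDF Image Command Execution',
          pid: ev.pid, image: ev.image, nodePid: root.pid });
      }
    } else if (ev.type === 'network') {
      const root = nodeAncestor(ev.pid, byPid);
      if (!root) continue;
      const last = lastPdfActivity.get(root.pid);
      if (last !== undefined && ev.t - last <= NETWORK_WINDOW_SECONDS) {
        alerts.push({ severity: 'high', rule: 'Suspicious PDF Image Network Connection',
          pid: ev.pid, dst: ev.dst, dport: ev.dport, nodePid: root.pid });
      }
    }
  }
  return alerts;
}

module.exports = { SAMPLE_EVENTS, detect, nodeAncestor };
```

The process rule keys on lineage rather than on the shell itself, since pdf-image's own exec() calls already produce node → sh → pdfinfo chains; the network rule only fires for a node tree that recently ran a PDF tool, which keeps an unrelated node service's database connection out of the alert stream.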