Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
11082.1%CRITICAL

Related CVEs

1
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-26831textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitizationCRITICAL9.882.1%Mar 25, 2026