Security Advisory

CVE-2026-26833

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-25 00:00:00

Last updated 2026-03-28 01:17:25

Assigner mitre

State PUBLISHED

Description

thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping.

← Browse all CVEs View on cve.org ↗