Home / Vulnerability Intelligence / CVE-2026-26833

CVE-2026-26833 - Vulnerability Analysis

N/a

Last Updated: March 25, 2026

Thumbler - Command Injection

Published: March 25, 2026Updated: March 25, 2026PoC Available

Overview

Thumbler through 1.1.2 contains a command injection caused by unsanitized user input concatenated into shell command strings in the thumbnail() function, letting attackers execute arbitrary OS commands remotely, exploit requires crafted input.

Severity & Score

Severity: N/a

Impact

Attackers can execute arbitrary OS commands, potentially leading to full system compromise.

Mitigation

Update to the latest version of Thumbler.

References

https://github.com/mmahrous/thumbler
https://github.com/mmahrous/thumbler/blob/master/lib/thumbler.js
https://github.com/zebbernCVE/CVE-2026-26833
https://www.npmjs.com/package/thumbler

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-26833
Severity: N/a
Type: command_injection
Status: new

CVSS Metrics

N/A