CVE-2026-46643: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in KnpLabs snappy
KnpLabs snappy, a PHP library for generating thumbnails, snapshots, or PDFs from URLs or HTML pages, has an OS command injection vulnerability (CWE-78) in versions prior to 1. 7. 1. On POSIX systems, improper handling of the binary path causes the safe code branch to be bypassed, leading to execution of unescaped command strings if the binary path is user-influenced. This vulnerability has been patched in version 1. 7. 1.
AI Analysis
Technical Summary
The vulnerability in KnpLabs snappy arises because on POSIX systems, escapeshellarg('/usr/bin/wkhtmltopdf') returns a string with single quotes included, causing is_executable() to check for a non-existent file with quotes in its name. Consequently, the safe code branch is never executed, and the command string falls through to an unescaped value. While other command arguments are escaped correctly, injection can occur if the binary path is sourced from user-influenced configuration or environment variables derived from request data. This issue enables OS command injection and is fixed in version 1.7.1.
Potential Impact
An attacker who can influence the binary path configuration or environment variables may execute arbitrary OS commands due to improper neutralization of special elements in the command string. This can lead to high-impact consequences such as unauthorized command execution on the host system. The CVSS 4.0 score is 7.5 (high severity), reflecting local attack vector with low complexity but partial attack prerequisites and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
This vulnerability has been patched in KnpLabs snappy version 1.7.1. Users should upgrade to version 1.7.1 or later to remediate this issue. No other mitigation or temporary fix is indicated in the available data.
CVE-2026-46643: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in KnpLabs snappy
Description
KnpLabs snappy, a PHP library for generating thumbnails, snapshots, or PDFs from URLs or HTML pages, has an OS command injection vulnerability (CWE-78) in versions prior to 1. 7. 1. On POSIX systems, improper handling of the binary path causes the safe code branch to be bypassed, leading to execution of unescaped command strings if the binary path is user-influenced. This vulnerability has been patched in version 1. 7. 1.
CVSS v4.0
Score 7.5high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in KnpLabs snappy arises because on POSIX systems, escapeshellarg('/usr/bin/wkhtmltopdf') returns a string with single quotes included, causing is_executable() to check for a non-existent file with quotes in its name. Consequently, the safe code branch is never executed, and the command string falls through to an unescaped value. While other command arguments are escaped correctly, injection can occur if the binary path is sourced from user-influenced configuration or environment variables derived from request data. This issue enables OS command injection and is fixed in version 1.7.1.
Potential Impact
An attacker who can influence the binary path configuration or environment variables may execute arbitrary OS commands due to improper neutralization of special elements in the command string. This can lead to high-impact consequences such as unauthorized command execution on the host system. The CVSS 4.0 score is 7.5 (high severity), reflecting local attack vector with low complexity but partial attack prerequisites and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
This vulnerability has been patched in KnpLabs snappy version 1.7.1. Users should upgrade to version 1.7.1 or later to remediate this issue. No other mitigation or temporary fix is indicated in the available data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-15T20:11:54.584Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a29c2720e53e738838993b6
Added to database: 6/10/2026, 8:00:50 PM
Last enriched: 6/10/2026, 8:13:56 PM
Last updated: 6/10/2026, 9:08:09 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.