## Command Injection Vulnerability Found in Leo Editor's @adoc and @pandoc Processing
A command injection vulnerability has been identified in the Leo editor's document processing functions, specifically affecting `@adoc` and `@pandoc` headline parsing. The flaw was discovered by Hideaki Takahashi, a PhD student specializing in system security at Columbia University. The vulnerability stems from the use of `shell=True` in subprocess calls, which allows argument boundaries to be bypassed if a maliciously crafted `.leo` outline is opened.

The technical root cause involves shell command strings being constructed for subprocess execution rather than argv lists. Takahashi's recommended fix replaces vulnerable calls with direct argument arrays: `subprocess.run([prog, i_path, "-o", o_path, "-b", "html5"], check=False)` for adoc, and `subprocess.run(["pandoc", i_path, "-t", "html5", "-o", o_path], check=False)` for pandoc. This preserves argument boundaries without requiring shell escaping. A reviewer identified only as EKR confirmed the issue should be fixed and suggested eliminating `shell=True` from Leo's entire codebase as a broader security hygiene measure.
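To make the argument-boundary point concrete, here is an added illustration (not Leo's code, and not Takahashi's patch) contrasting the string-for-`shell=True` pattern with the argv-list fix for the adoc call; the converter name `asciidoctor` and the sample path are assumptions, and the real converter is swapped for a Python one-liner that reports its arguments so the example runs without asciidoctor or pandoc installed.

```python
import shlex
import subprocess
import sys

# Constructed sample: an input path containing a space, standing in for any
# value taken from an untrusted @adoc/@pandoc headline in a .leo outline.
I_PATH = "my notes.adoc"
O_PATH = "out.html"
PROG = "asciidoctor"  # assumed converter name; Leo passes its own `prog`


def vulnerable_command(prog, i_path, o_path):
    """Vulnerable pattern: one string that would be handed to shell=True.
    The shell re-parses the string, so the path's boundaries are lost."""
    return f"{prog} {i_path} -o {o_path} -b html5"


def shell_word_split(cmd):
    """Word-split the string the way a POSIX shell would before exec.
    shlex models whitespace and quoting only; a real shell additionally
    acts on metacharacters such as ';' or '$(...)', which is the injection."""
    return shlex.split(cmd)


def fixed_argv(prog, i_path, o_path):
    """Recommended fix: an argv list and no shell, so each element reaches
    the program as exactly one argument (mirrors the adoc call in the fix)."""
    return [prog, i_path, "-o", o_path, "-b", "html5"]


def argv_as_received(argv):
    """Run the argv list without a shell, with the converter replaced by a
    Python one-liner that prints each argument it received, one per line
    (constructed check so the example needs no external converter)."""
    echo = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]
    proc = subprocess.run(echo + argv[1:], capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


if __name__ == "__main__":
    cmd = vulnerable_command(PROG, I_PATH, O_PATH)
    print("shell=True string :", cmd)
    print("shell would see   :", shell_word_split(cmd))  # path split in two
    print("argv list receives:", argv_as_received(fixed_argv(PROG, I_PATH, O_PATH)))
```

The same change applies to the pandoc call; only the option order differs.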

The risk profile for this vulnerability is conditional. EKR noted that the security flaw cannot cause harm unless a user opens a .leo outline originating from a malicious actor. Leo issue #4455 already carries a warning advising users not to open .leo files from others unless the sender is completely trusted. The vulnerability exists in a narrow window between file import and command execution, requiring social engineering to materialize. Nevertheless, the disclosure highlights a class of injection risk common in text editor plugins that process external documents through shell invocation.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: command injection, subprocess vulnerability, Leo editor, shell=True, adoc
- **Credibility**: unverified
- **Published**: 2026-05-05 22:31:38
- **ID**: 79564
- **URL**: https://whisperx.ai/en/intel/79564