A vulnerability was found in lingdojo kana-dojo up to 0.1.17 . It has been declared as critical . This affects the function child_process.execSync of the file patchNotesData.json . Such manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-48547 . It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.