CVE Catalog

CVE-2026-37281

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-37281 describes an OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before version 2.7.0, allowing remote attackers to execute arbitrary commands via the url parameter.

Risk Assessment

Attackers could exploit this vulnerability to gain control over the system, posing a serious security threat to the organization.

Recommendation

It is recommended to update hitarth-gg Zenshin to version 2.7.0 or later to mitigate this vulnerability.

Original NVD description (English source)

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS