CVE-2026-44353
EUVD-2026-3255927.05.2026, 17:16
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream. This vulnerability is fixed in 8.4.0.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| streamlink | streamlink | 𝑥 < 8.4.0 |
𝑥
= Vulnerable software versions
Debian Releases