MEDIUM
streamlink
CVE published 2026-05-27
CVE-2026-44353
Streamlink versions prior to 8.4.0 contain a path traversal vulnerability in their HLS and DASH parsers. The parsers fail to validate URI schemes in segment entries and other resources within .m3u8 HLS playlists or .mpd DASH manifests. A remote attacker can craft a malicious playlist or manifest that references local files using the file:// scheme (e.g., file:///path/to/file), causing Streamlink to read a [truncated]