PatchSiren

truelockmc CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL truelockmc CVE published 2026-06-17

CVE-2026-48055

Streambert 2.4.0 and prior versions contain a high-severity Zip Slip vulnerability in subtitle extraction logic, allowing path traversal and arbitrary file writes. The application fails to sanitize archive entry filenames during extraction, enabling a malicious archive to escape temporary directory boundaries and write payloads anywhere on the host filesystem with current write permissions. This issue is [truncated]