CRITICAL
truelockmc
CVE published 2026-06-17
CVE-2026-48055
Streambert 2.4.0 and prior versions contain a high-severity Zip Slip vulnerability in subtitle extraction logic, allowing path traversal and arbitrary file writes. The application fails to sanitize archive entry filenames during extraction, enabling a malicious archive to escape temporary directory boundaries and write payloads anywhere on the host filesystem with current write permissions. This issue is [truncated]