15 matches found
CVE-2026-44353
A flaw was found in Streamlink. Its HLS HTTP Live Streaming and DASH Dynamic Adaptive Streaming over HTTP parsers do not properly validate the URI Uniform Resource Identifier scheme of segment entries. A remote attacker could craft a malicious HLS playlist or DASH manifest to include local file...
PYSEC-2026-180
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
PYSEC-2026-180
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
CVE-2026-44353
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
PYSEC-0000-CVE-2026-44353
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
CVE-2026-44353 Streamlink: Arbitrary local file read via file:// URI in HLS and DASH
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
EUVD-2026-32559
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
CVE-2026-44353 Streamlink: Arbitrary local file read via file:// URI in HLS and DASH
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
Streamlink 安全漏洞
Streamlink is an open-source command-line tool developed by Streamlink that pushes live streaming media to video players. Versions of Streamlink prior to 8.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the HLS and DASH parsers did not validate the URI...
External Control of File Name or Path
Overview streamlink is a Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...
Streamlink has an arbitrary local file read via file:// URI in HLS and DASH
Summary Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream...
GHSA-HGQW-6M45-HW5F Streamlink has an arbitrary local file read via file:// URI in HLS and DASH
Summary Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream...
OPENSUSE-SU-2026:10733-1 streamlink-8.4.0-1.1 on GA media
These are all security issues fixed in the streamlink-8.4.0-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-39326
Name of the Vulnerable Software and Affected Versions streamlink versions prior to 8.4.0 Description Streamlink's HLS and DASH parsers fail to validate the URI scheme of segment entries and other resources. A remote attacker can host a malicious .m3u8 HLS playlist or .mpd DASH manifest that lists...
Linux Distros Unpatched Vulnerability : CVE-2026-44353
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not valida...