CVE-2026-47114
IINA before 1.4.3 contains a user-assisted command execution vulnerability in the iina://open URL scheme handler. An attacker can deliver a crafted URL via a browser that passes unvalidated mpv_options/input-commands parameters into the mpv runtime, causing arbitrary command execution as the curr...