CVE Catalog
CVE-2026-37281
CriticalSummary
CVE-2026-37281 describes an OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before version 2.7.0, allowing remote attackers to execute arbitrary commands via the url parameter.
Risk Assessment
Attackers could exploit this vulnerability to gain control over the system, posing a serious security threat to the organization.
Recommendation
It is recommended to update hitarth-gg Zenshin to version 2.7.0 or later to mitigate this vulnerability.
Original NVD description (English source)
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.

