CVE-2026-37281 | THREATINT

Description

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.

PUBLISHED Reserved 2026-04-06 | Published 2026-05-19 | Updated 2026-05-20 | Assigner mitre

References

gist.github.com/MitruStefan/cf016709252aabbec7f95b7a70e0cfba exploit

github.com/hitarth-gg/zenshin

github.com/...ommit/7d31c6edfbac978f0ad44c66d761bab9dcd2fa27

gist.github.com/MitruStefan/cf016709252aabbec7f95b7a70e0cfba

cve.org (CVE-2026-37281)

nvd.nist.gov (CVE-2026-37281)

Download JSON