CVE-2026-48055— Streambert 字幕提取任意文件写入漏洞
影响版本矩阵 1
| 厂商 | 产品 | 版本范围 | 状态 |
|---|---|---|---|
| truelockmc | streambert | < 2.5.0 | affected |
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-48055 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
输入验证不恰当
来源: 美国国家漏洞数据库 NVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| truelockmc | streambert | < 2.5.0 | - |
二、漏洞 CVE-2026-48055 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-48055 的情报信息
请登录查看更多情报信息。
CVE-2026-48055 厂商安全公告 (1)
CVE-2026-48055 厂商页面 (1)
- 🔗 Release v.2.5.0 · truelockmc/streambert · GitHubx_refsource_MISC
IV. Related Vulnerabilities
V. Comments for CVE-2026-48055
暂无评论