Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-hgqw-6m45-hw5f | Streamlink has an arbitrary local file read via file:// URI in HLS and DASH |
Mon, 01 Jun 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:streamlink:streamlink:*:*:*:*:*:python:*:* |
Sat, 30 May 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Streamlink
Streamlink streamlink |
|
| Vendors & Products |
Streamlink
Streamlink streamlink |
Wed, 27 May 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 27 May 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream. This vulnerability is fixed in 8.4.0. | |
| Title | Streamlink: Arbitrary local file read via file:// URI in HLS and DASH | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-27T17:49:20.696Z
Reserved: 2026-05-05T19:52:59.148Z
Link: CVE-2026-44353
Updated: 2026-05-27T17:49:16.290Z
Status : Analyzed
Published: 2026-05-27T17:16:38.927
Modified: 2026-06-17T10:50:32.870
Link: CVE-2026-44353
No data.
OpenCVE Enrichment
Updated: 2026-05-30T21:21:45Z
Github GHSA