Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.9
OpenDeck Fails to Securely Serve Software Files
CVE-2026-28427
Summary
OpenDeck for Elgato Stream Deck had a security issue that allowed attackers to access sensitive files. If left unpatched, this could lead to unauthorized access to your system or compromise your system's security. Update to version 2.8.1 to fix this issue.
Original title
OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components....
Original description
OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended directory and read any file OpenDeck can access. This vulnerability is fixed in 2.8.1.
nvd CVSS4.0
5.9
Vulnerability type
CWE-22
Path Traversal
CWE-24
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026