Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-37281: hitarth-gg Zenshin URL Command Injection Risk
CVE-2026-37281
Summary
The hitarth-gg Zenshin application has a security flaw that could allow an attacker to execute unauthorized system commands. This could potentially lead to data theft, system compromise, or other malicious actions. To mitigate this risk, update to version 2.7.0 or later, and ensure that the application is configured securely.
Original title
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
Original description
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
Vulnerability type
CWE-78
OS Command Injection
Published: 19 May 2026 · Updated: 26 May 2026 · First seen: 19 May 2026