Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

CVE-2026-28412

Description

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue.

Affected products

Textream/Textreamllm-create
Range: <1.5.1
f/textreamv5
Range: < 1.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/f/textream/commit/3524fa96f98ba17025b48ce9e19d49d859fc2ec1mitrex_refsource_MISC
github.com/f/textream/security/advisories/GHSA-qr5p-7x47-qxh9mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000