Medium severity6.5NVD Advisory· Published May 27, 2026· Updated Jun 1, 2026
CVE-2026-44353
CVE-2026-44353
Description
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream. This vulnerability is fixed in 8.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
streamlinkPyPI | < 8.4.0 | 8.4.0 |
Affected products
3- ghsa-coords2 versions
< 8.4.0+ 1 more
- (no CPE)range: < 8.4.0
- (no CPE)range: < 8.4.0-1.1
Patches
Vulnerability mechanics
References
4- github.com/streamlink/streamlink/security/advisories/GHSA-hgqw-6m45-hw5fnvdExploitMitigationVendor AdvisoryWEB
- github.com/advisories/GHSA-hgqw-6m45-hw5fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-44353ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/streamlink/PYSEC-2026-180.yamlghsaWEB
News mentions
0No linked articles in our index yet.