VYPR
High severity · CVSS 8.8 · NVD Advisory · Published May 21, 2026 · Updated May 21, 2026

CVE-2026-47114

Description

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that passes unvalidated mpv_options/input-commands parameters into the mpv runtime, causing arbitrary command execution as the current macOS user upon approval of the browser protocol prompt without requiring a valid media file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IINA before 1.4.3 allows arbitrary command execution via crafted iina://open URLs with malicious mpv_ query parameters.

Vulnerability

Overview

CVE-2026-47114 is a user-assisted command execution vulnerability in IINA versions prior to 1.4.3. The flaw is in the iina://open custom URL scheme handler, which strips the mpv_ prefix from every matching query parameter and sets the remainder as an mpv option without checking which option it is [1][2]. A crafted URL carrying a mpv_input-commands parameter therefore reaches mpv's input-commands option, which makes mpv execute a list of input commands at startup, so the attacker-controlled parameter value turns into command execution on the affected macOS system.

Exploitation

The attack is delivered through a web browser: the victim is lured into following a specially crafted iina://open link. The browser asks whether to open the link in IINA; once the user approves, IINA processes the URL and needs no valid media file to do so [2]. Because mpv_-prefixed parameters are not filtered, the injected option and its value are handed directly to the mpv engine [1][3].

Impact

Successful exploitation grants an attacker arbitrary command execution with the privileges of the current macOS user. This could lead to full system compromise, data theft, installation of malware, or further lateral movement within the network. The vulnerability is rated High with a CVSS v3 base score of 8.8, reflecting the significant impact on confidentiality, integrity, and availability.

Mitigation

The vulnerability is patched in IINA 1.4.3 and later. The fix skips any mpv_ option whose name contains "input-command" in the URL scheme handler, so the input-commands option can no longer be set from a URL [3]. All users are strongly advised to update. No configuration-level workaround exists for older versions; until the update is installed, declining the browser's prompt to open iina:// links keeps the handler from running at all, since that approval is a precondition of the attack.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
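A practitioner's follow-up to the Mitigation section is checking which IINA builds are installed across a fleet. The script below is an added example written for this page, not tooling shipped by the IINA project; the install path `/Applications/IINA.app` and the reading of `CFBundleShortVersionString` from the bundle's Info.plist are assumptions about a default macOS install, and `1.4.3` is the first fixed release named in the advisory. It compares versions numerically so that a future `1.10.x` is not misjudged against `1.4.3` by string order.

```python
"""Check an installed IINA against the first fixed version for CVE-2026-47114.

Added example for this page (not IINA project code). Assumptions: IINA lives at
/Applications/IINA.app and its Info.plist carries CFBundleShortVersionString.
"""
import plistlib
from pathlib import Path

IINA_APP = "/Applications/IINA.app"   # assumed default install location
MIN_FIXED_VERSION = "1.4.3"           # first release with the URL-handler fix


def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically.

    Plain string comparison would rank '1.10.0' below '1.4.3'. A component such
    as '3-beta' is cut at its first non-digit, so '1.4.3-beta' compares as 1.4.3.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version):
    """True when the given IINA version predates the fixed release."""
    return parse_version(version) < parse_version(MIN_FIXED_VERSION)


def installed_iina_version(app=IINA_APP):
    """Read the bundle version from Info.plist; None if IINA is not at `app`."""
    info = Path(app) / "Contents" / "Info.plist"
    if not info.is_file():
        return None
    with info.open("rb") as fh:
        return plistlib.load(fh).get("CFBundleShortVersionString")


if __name__ == "__main__":
    found = installed_iina_version()
    if found is None:
        print(f"IINA not found at {IINA_APP}")
    elif is_vulnerable(found):
        print(f"IINA {found} is older than {MIN_FIXED_VERSION}: update required")
    else:
        print(f"IINA {found} includes the fix for CVE-2026-47114")
```

Run it under the user account that installed IINA; a user-local copy under `~/Applications` needs the path passed to `installed_iina_version` explicitly.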

Affected products

  • iina/iina: 2 version entries, no CPE assigned; affected range: < 1.4.3

Patches

1
1e6f43248dab

chore: reject mpv input-commands in URL scheme, #6083

https://github.com/iina/iina · Hechen Li · May 20, 2026 · via nvd-ref
1 file changed · +4 -0
  • iina/AppDelegate.swift · +4 -0 · modified
    @@ -905,6 +905,10 @@ class AppDelegate: NSObject, NSApplicationDelegate, SPUUpdaterDelegate {
           for query in queries {
             if query.name.hasPrefix("mpv_") {
               let mpvOptionName = String(query.name.dropFirst(4))
    +          guard !mpvOptionName.contains("input-command") else {
    +            Logger.log("mpv option \(mpvOptionName) rejected when parsing URL", level: .warning)
    +            continue
    +          }
               guard let mpvOptionValue = query.value else { continue }
               Logger.log("Setting \(mpvOptionName) to \(mpvOptionValue)")
               player.mpv.setString(mpvOptionName, mpvOptionValue)
    
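Review bot: the new guard is a substring denylist on the option name only, so every other mpv_<name>=<value> pair still reaches player.mpv.setString verbatim and the URL scheme stays a general mpv-option injection surface that will need a new entry here for each further option found to be dangerous. Consider inverting the check into an allowlist of the few playback options a URL legitimately needs, e.g. `guard urlAllowedMpvOptions.contains(mpvOptionName) else { ... continue }`, and consider logging the rejected value alongside the name so a hit in the logs can be triaged.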

Vulnerability mechanics

Root cause

"Missing validation of mpv_-prefixed query parameters in the iina://open URL scheme handler allows arbitrary mpv options and input-commands to be injected, leading to command execution."

Attack vector

An attacker crafts a URL using the iina://open custom scheme whose query string carries a malicious mpv_-prefixed parameter. The handler drops the prefix and sets the remainder as an mpv option, so mpv_input-commands becomes mpv's input-commands option and its value is a list of mpv input commands to execute. The victim must click the link in a browser and approve the prompt to open IINA. No valid media file is required; the injected mpv parameter alone is enough for command execution as the current macOS user [patch_id=1263034].

Affected code

The vulnerability exists in the iina://open custom URL scheme handler. The patch [patch_id=1263034] modifies the handler to validate query parameters, specifically those prefixed with mpv_ that can inject arbitrary options or commands into the mpv runtime.

What the fix does

The patch [patch_id=1263034] adds a check to the iina://open URL handler that skips any mpv_-prefixed query parameter whose option name contains "input-command" before it reaches the mpv runtime, so the input-commands option, the route by which an option value turns into executed commands, can no longer be set from a URL. The check is a denylist on that one option name; all other mpv_ options continue to be forwarded to mpv unchanged.
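To make the handler's behaviour concrete, the block below is a Python model of the Swift loop shown in the patch, written for this page and not taken from IINA: `MpvStub`, the three `handle_open_*` functions, the allowlist constant and the sample URLs are all assumptions that mirror the diff rather than IINA's real API. It parses an iina://open URL the way the handler does (drop the `mpv_` prefix, use the rest as the option name), shows the pre-fix forwarding, the substring denylist from the fix, and an allowlist alternative that rejects every option not explicitly permitted. The sample command value uses mpv's harmless show-text command rather than anything that spawns a process.

```python
"""Model of IINA's iina://open query handling before and after the fix.

Added example for this page, not IINA code. MpvStub, the handler functions,
URL_ALLOWED_MPV_OPTIONS and SAMPLE_URLS are assumptions mirroring the diff.
"""
from urllib.parse import parse_qsl, urlsplit

# Constructed sample URLs for the demonstration; not taken from any report.
SAMPLE_URLS = {
    "benign": "iina://open?url=https%3A%2F%2Fmedia.example%2Fclip.mp4&mpv_volume=50",
    # No media file at all: only an input-commands option with a harmless command.
    "command": "iina://open?mpv_input-commands=show-text%20hello",
}


class MpvStub:
    """Stand-in for player.mpv: records set_string calls instead of
    configuring a real mpv instance."""

    def __init__(self):
        self.options = {}

    def set_string(self, name, value):
        self.options[name] = value


def mpv_options_from_url(url):
    """Yield (option_name, value) the way the Swift loop derives them: every
    query item whose name starts with 'mpv_' has the prefix dropped and the
    remainder used as the mpv option name. Items with no value are skipped,
    like the `guard let mpvOptionValue` in the handler."""
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=False):
        if name.startswith("mpv_"):
            yield name[len("mpv_"):], value


def handle_open_before_fix(url, mpv):
    """IINA < 1.4.3: every mpv_ option is forwarded unchanged."""
    rejected = []
    for option, value in mpv_options_from_url(url):
        mpv.set_string(option, value)
    return rejected


def handle_open_after_fix(url, mpv):
    """Commit 1e6f43248dab: option names containing 'input-command' are
    skipped (a substring denylist); everything else is still forwarded."""
    rejected = []
    for option, value in mpv_options_from_url(url):
        if "input-command" in option:
            rejected.append(option)
            continue
        mpv.set_string(option, value)
    return rejected


# Allowlist variant (a suggestion for this page, not something IINA ships):
# only plain playback options are accepted from a URL; anything else is dropped.
URL_ALLOWED_MPV_OPTIONS = frozenset(
    {"volume", "mute", "start", "pause", "hwdec", "loop-file"}
)


def handle_open_allowlist(url, mpv):
    """Reject every mpv_ option not on the allowlist, by exact name."""
    rejected = []
    for option, value in mpv_options_from_url(url):
        if option not in URL_ALLOWED_MPV_OPTIONS:
            rejected.append(option)
            continue
        mpv.set_string(option, value)
    return rejected


if __name__ == "__main__":
    for label, url in SAMPLE_URLS.items():
        for handler in (handle_open_before_fix, handle_open_after_fix, handle_open_allowlist):
            mpv = MpvStub()
            rejected = handler(url, mpv)
            print(f"{label:8} {handler.__name__:24} set={mpv.options} rejected={rejected}")
```

The denylist and the allowlist agree on the two sample URLs; they differ on any option name the page does not discuss, which the denylist forwards and the allowlist drops. Whether any such option is abusable is outside what the advisory establishes, which is exactly why an allowlist is the safer default for a handler reachable from a browser.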

Preconditions

  • network: the attacker must deliver a crafted URL to the victim (e.g., via a web page, email, or messaging link).
  • auth: the victim must approve the browser's protocol prompt to let IINA open the iina://open URL.
  • input: the URL must contain a malicious mpv_-prefixed query parameter such as mpv_input-commands.

Generated on May 21, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
