CVE-2026-37281

Published May 19th, 2026

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.

hitarth-gg/zenshin

🔖 Web & Electron based Anime Streaming App for 🐈s

GitHub

738