Mallory
Unrated | Public exploit

Zip Slip Arbitrary File Write in Streambert Subtitle Extraction

Identifiers: CVE-2026-48055, CWE-22

CVE-2026-48055 is a Zip Slip/path traversal vulnerability in Streambert, a cross-platform Electron desktop application for streaming and downloading video media. Streambert 2.4.0 and earlier fail to sanitize ZIP archive entry filenames during subtitle archive extraction. The vulnerable logic constructs the extraction destination path by concatenating the temporary directory path with the raw archive entry name (for example, extracted.name) without validating or normalizing traversal sequences. A malicious ZIP archive containing entries with ../ style path traversal can therefore escape the intended temporary extraction directory and cause files to be written to attacker-chosen locations on the host filesystem, subject to the application's effective write permissions.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows arbitrary file write on the host system within the permissions of the Streambert process. This can be used to overwrite application or user files, plant malicious content in writable locations, disrupt application or system behavior, and potentially achieve further compromise, depending on which paths are writable and later consumed or executed by the system or user. The available information for this CVE states high confidentiality, integrity, and availability impact and describes the issue as remotely exploitable.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, disable or avoid processing untrusted subtitle ZIP archives, especially those downloaded from remote or third-party sources. Restrict Streambert execution privileges to minimize writable filesystem locations, run the application in a constrained user context, and monitor for unexpected file creation outside the temporary extraction directory. Additional defensive measures include sandboxing the application and filtering archive contents to block traversal sequences in entry names.

Remediation

Patch, then assume compromise.

Upgrade Streambert to version 2.5.0 or later, where the issue is fixed. The underlying remediation is to sanitize and validate archive entry filenames before extraction, normalize paths, and reject entries that resolve outside the intended extraction directory. Extraction code should enforce a canonical destination-path check and avoid writing any archive member whose resolved path escapes the designated temporary directory.
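
The canonical destination-path check described above, written for Node.js as an added example; it is not Streambert's code or its 2.5.0 fix. The function names, the temporary directory path used in testing, and the sample entry names are assumptions constructed for illustration.

```javascript
const path = require('node:path');

// Pattern the advisory describes: raw entry name appended to the temp directory.
function naiveDestination(tmpDir, entryName) {
  return path.join(tmpDir, entryName);
}

// Hardened variant: normalize, resolve, then require the result to stay inside tmpDir.
// This is a lexical check; it does not detect symlinks already present under tmpDir.
function safeDestination(tmpDir, entryName) {
  if (typeof entryName !== 'string' || entryName === '' || entryName.includes('\0')) {
    throw new Error('invalid entry name');
  }
  // Treat backslashes as separators so Windows-style names get the same check.
  const normalized = entryName.replace(/\\/g, '/');
  if (normalized.startsWith('/') || /^[A-Za-z]:/.test(normalized)) {
    throw new Error(`absolute entry name rejected: ${entryName}`);
  }
  const root = path.resolve(tmpDir);
  const dest = path.resolve(root, normalized);
  const rel = path.relative(root, dest);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || escapes) {
    throw new Error(`entry resolves outside extraction directory: ${entryName}`);
  }
  return dest;
}

// Split an archive's entry names into safe destinations and rejected names.
function filterEntries(tmpDir, names) {
  const accepted = [];
  const rejected = [];
  for (const name of names) {
    try {
      accepted.push(safeDestination(tmpDir, name));
    } catch (err) {
      rejected.push(name);
    }
  }
  return { accepted, rejected };
}

// Constructed sample entry names (not taken from any real archive).
const SAMPLE_ENTRIES = [
  'movie.en.srt', 'subs/movie.de.srt', '..foo.srt',
  '../../outside.txt', 'subs/../../outside.txt', '/outside.txt',
  '..\\..\\outside.txt', 'C:\\outside.txt',
];
```

The comparison against `'..' + path.sep` rather than a bare `'..'` prefix keeps legitimate names such as `..foo.srt` from being rejected.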
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

No public exploit code observed for this vulnerability.
