top of page
perceptive_background_267k.jpg

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections fro…

Published:

1 maart 2026 om 23:00:00

Alert date:

2 maart 2026 om 17:01:35

Source:

nvd.nist.gov

Click to open the original link from this advisory

Operating Systems, Web Technologies

CVE-2026-28403 affects Textream, a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. This allows malicious web pages visited in the same browser session to silently connect to the local WebSocket server and send arbitrary DirectorCommand payloads, enabling full remote control of the teleprompter content. The vulnerability was fixed in version 1.5.1.

Technical details

Mitigation steps:

Affected products:

Textream

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-28403
https://github.com/f/textream/commit/f5ebad82750b9313386c34af8f0ede50c213a8a0
https://github.com/f/textream/security/advisories/GHSA-wr3v-x247-337w

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page