{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T22:12:51.103","vulnerabilities":[{"cve":{"id":"CVE-2026-28412","sourceIdentifier":"security-advisories@github.com","published":"2026-03-02T16:16:25.930","lastModified":"2026-03-10T18:23:12.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue."},{"lang":"es","value":"Textream es una aplicación de teleprómpter gratuita para macOS. Antes de la versión 1.5.1, el servidor WebSocket 'DirectorServer' no impone límite en las conexiones concurrentes. Combinado con un temporizador de difusión que envía el estado a todos los clientes conectados cada 100 ms, un atacante puede agotar la CPU y la memoria inundando el servidor con conexiones, causando que la aplicación Textream se congele y falle durante una sesión en vivo. La versión 1.5.1 soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fka:textream:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.1","matchCriteriaId":"E99045B6-44DC-4400-9E55-4A06DDBCA51A"}]}]}],"references":[{"url":"https://github.com/f/textream/commit/3524fa96f98ba17025b48ce9e19d49d859fc2ec1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/f/textream/security/advisories/GHSA-qr5p-7x47-qxh9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}