hitarth-gg Zenshin OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the Zenshin application by hitarth-gg, specifically in versions prior to 2.7.0. The issue arises within the '/stream-to-vlc' route, where user-supplied input in the 'url' parameter is not properly validated before being passed to a command execution function. This flaw allows remote attackers to execute arbitrary commands on the server where the application is running.

Impact

Successful exploitation of this vulnerability allows arbitrary command execution on the affected system, with the privileges of the user running the Zenshin server process.

Reproduction

To reproduce this vulnerability, send a request to the '/stream-to-vlc' endpoint with a crafted 'url' parameter that includes shell metacharacters. The application will execute the injected command on the server.

Remediation

Update to Zenshin version 2.7.1 or later, where this vulnerability has been fixed.

Added: May 19, 2026, 4:20 PM
Updated: May 19, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.0
remediation: 0.0
relevance: 8.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.