cvedb.io
CVE-2026-28412
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-03-02T16:16:25.930 · Last modified 2026-06-17T10:28:34.513

Summary

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue.

Affected products

fka — textream

Does this affect you?

Add your gear to cvedb and we'll alert you only when fka ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.