CVE-2026-28412

MEDIUM

Textream <1.5.1 - DoS

Title source: llm

Description

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0004
EPSS Percentile 10.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-400
Status published

Affected Products (1)

textream/textream < 1.5.1

Timeline

Published Mar 02, 2026
Tracked Since Mar 02, 2026