Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP `Origin` header during the WebSocket handshake. A malicious web page visited in the same browser session can silently connect to the local WebSocket server and send arbitrary `DirectorCommand` payloads, allowing full remote control of the teleprompter content. Version 1.5.1 fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.7%
CVSS Severity
CVSS v3 Score 7.6
Products affected by CVE-2026-28403
  • Fka » Textream » Version: 1.0.0
    cpe:2.3:a:fka:textream:1.0.0
  • Fka » Textream » Version: 1.0.1
    cpe:2.3:a:fka:textream:1.0.1
  • Fka » Textream » Version: 1.1.0
    cpe:2.3:a:fka:textream:1.1.0
  • Fka » Textream » Version: 1.1.1
    cpe:2.3:a:fka:textream:1.1.1
  • Fka » Textream » Version: 1.2.0
    cpe:2.3:a:fka:textream:1.2.0
  • Fka » Textream » Version: 1.2.1
    cpe:2.3:a:fka:textream:1.2.1
  • Fka » Textream » Version: 1.2.3
    cpe:2.3:a:fka:textream:1.2.3
  • Fka » Textream » Version: 1.2.4
    cpe:2.3:a:fka:textream:1.2.4
  • Fka » Textream » Version: 1.3.0
    cpe:2.3:a:fka:textream:1.3.0
  • Fka » Textream » Version: 1.3.1
    cpe:2.3:a:fka:textream:1.3.1
  • Fka » Textream » Version: 1.3.2
    cpe:2.3:a:fka:textream:1.3.2
  • Fka » Textream » Version: 1.3.3
    cpe:2.3:a:fka:textream:1.3.3
  • Fka » Textream » Version: 1.3.4
    cpe:2.3:a:fka:textream:1.3.4
  • Fka » Textream » Version: 1.3.5
    cpe:2.3:a:fka:textream:1.3.5
  • Fka » Textream » Version: 1.3.6
    cpe:2.3:a:fka:textream:1.3.6
  • Fka » Textream » Version: 1.4.0
    cpe:2.3:a:fka:textream:1.4.0
  • Fka » Textream » Version: 1.4.1
    cpe:2.3:a:fka:textream:1.4.1
  • Fka » Textream » Version: 1.4.2
    cpe:2.3:a:fka:textream:1.4.2
  • Fka » Textream » Version: 1.4.3
    cpe:2.3:a:fka:textream:1.4.3
  • Fka » Textream » Version: 1.5.0
    cpe:2.3:a:fka:textream:1.5.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved