Vulnerability Details CVE-2026-44353
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream. This vulnerability is fixed in 8.4.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.3%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-44353
-
cpe:2.3:a:streamlink:streamlink:0.0.1
-
cpe:2.3:a:streamlink:streamlink:0.0.2
-
cpe:2.3:a:streamlink:streamlink:0.1.0
-
cpe:2.3:a:streamlink:streamlink:0.10.0
-
cpe:2.3:a:streamlink:streamlink:0.11.0
-
cpe:2.3:a:streamlink:streamlink:0.12.0
-
cpe:2.3:a:streamlink:streamlink:0.12.1
-
cpe:2.3:a:streamlink:streamlink:0.13.0
-
cpe:2.3:a:streamlink:streamlink:0.14.0
-
cpe:2.3:a:streamlink:streamlink:0.14.2
-
cpe:2.3:a:streamlink:streamlink:0.2.0
-
cpe:2.3:a:streamlink:streamlink:0.3.0
-
cpe:2.3:a:streamlink:streamlink:0.3.1
-
cpe:2.3:a:streamlink:streamlink:0.3.2
-
cpe:2.3:a:streamlink:streamlink:0.4.0
-
cpe:2.3:a:streamlink:streamlink:0.5.0
-
cpe:2.3:a:streamlink:streamlink:0.6.0
-
cpe:2.3:a:streamlink:streamlink:0.7.0
-
cpe:2.3:a:streamlink:streamlink:0.8.1
-
cpe:2.3:a:streamlink:streamlink:0.9.0
-
cpe:2.3:a:streamlink:streamlink:1.0.0
-
cpe:2.3:a:streamlink:streamlink:1.1.0
-
cpe:2.3:a:streamlink:streamlink:1.1.1
-
cpe:2.3:a:streamlink:streamlink:1.2.0
-
cpe:2.3:a:streamlink:streamlink:1.3.0
-
cpe:2.3:a:streamlink:streamlink:1.3.1
-
cpe:2.3:a:streamlink:streamlink:1.4.0
-
cpe:2.3:a:streamlink:streamlink:1.4.1
-
cpe:2.3:a:streamlink:streamlink:1.5.0
-
cpe:2.3:a:streamlink:streamlink:1.6.0
-
cpe:2.3:a:streamlink:streamlink:1.7.0
-
cpe:2.3:a:streamlink:streamlink:2.0.0
-
cpe:2.3:a:streamlink:streamlink:2.1.0
-
cpe:2.3:a:streamlink:streamlink:2.1.1
-
cpe:2.3:a:streamlink:streamlink:2.1.2
-
cpe:2.3:a:streamlink:streamlink:2.2.0
-
cpe:2.3:a:streamlink:streamlink:2.3.0
-
cpe:2.3:a:streamlink:streamlink:2.4.0
-
cpe:2.3:a:streamlink:streamlink:3.0.0
-
cpe:2.3:a:streamlink:streamlink:3.0.1
-
cpe:2.3:a:streamlink:streamlink:3.0.2
-
cpe:2.3:a:streamlink:streamlink:3.0.3
-
cpe:2.3:a:streamlink:streamlink:3.1.0
-
cpe:2.3:a:streamlink:streamlink:3.1.1
-
cpe:2.3:a:streamlink:streamlink:3.2.0
-
cpe:2.3:a:streamlink:streamlink:4.0.0
-
cpe:2.3:a:streamlink:streamlink:4.0.1
-
cpe:2.3:a:streamlink:streamlink:4.1.0
-
cpe:2.3:a:streamlink:streamlink:4.2.0
-
cpe:2.3:a:streamlink:streamlink:4.3.0
-
cpe:2.3:a:streamlink:streamlink:5.0.0
-
cpe:2.3:a:streamlink:streamlink:5.0.1
-
cpe:2.3:a:streamlink:streamlink:5.1.0
-
cpe:2.3:a:streamlink:streamlink:5.1.1
-
cpe:2.3:a:streamlink:streamlink:5.1.2
-
cpe:2.3:a:streamlink:streamlink:5.2.0
-
cpe:2.3:a:streamlink:streamlink:5.2.1
-
cpe:2.3:a:streamlink:streamlink:5.3.0
-
cpe:2.3:a:streamlink:streamlink:5.3.1
-
cpe:2.3:a:streamlink:streamlink:5.4.0
-
cpe:2.3:a:streamlink:streamlink:5.5.0
-
cpe:2.3:a:streamlink:streamlink:5.5.1
-
cpe:2.3:a:streamlink:streamlink:6.0.0
-
cpe:2.3:a:streamlink:streamlink:6.0.1
-
cpe:2.3:a:streamlink:streamlink:6.1.0
-
cpe:2.3:a:streamlink:streamlink:6.10.0
-
cpe:2.3:a:streamlink:streamlink:6.11.0
-
cpe:2.3:a:streamlink:streamlink:6.2.0
-
cpe:2.3:a:streamlink:streamlink:6.2.1
-
cpe:2.3:a:streamlink:streamlink:6.3.0
-
cpe:2.3:a:streamlink:streamlink:6.3.1
-
cpe:2.3:a:streamlink:streamlink:6.4.0
-
cpe:2.3:a:streamlink:streamlink:6.4.1
-
cpe:2.3:a:streamlink:streamlink:6.4.2
-
cpe:2.3:a:streamlink:streamlink:6.5.0
-
cpe:2.3:a:streamlink:streamlink:6.5.1
-
cpe:2.3:a:streamlink:streamlink:6.6.0
-
cpe:2.3:a:streamlink:streamlink:6.6.1
-
cpe:2.3:a:streamlink:streamlink:6.6.2
-
cpe:2.3:a:streamlink:streamlink:6.7.0
-
cpe:2.3:a:streamlink:streamlink:6.7.1
-
cpe:2.3:a:streamlink:streamlink:6.7.2
-
cpe:2.3:a:streamlink:streamlink:6.7.3
-
cpe:2.3:a:streamlink:streamlink:6.7.4
-
cpe:2.3:a:streamlink:streamlink:6.8.0
-
cpe:2.3:a:streamlink:streamlink:6.8.1
-
cpe:2.3:a:streamlink:streamlink:6.8.2
-
cpe:2.3:a:streamlink:streamlink:6.8.3
-
cpe:2.3:a:streamlink:streamlink:6.9.0
-
cpe:2.3:a:streamlink:streamlink:7.0.0
-
cpe:2.3:a:streamlink:streamlink:7.1.0
-
cpe:2.3:a:streamlink:streamlink:7.1.1
-
cpe:2.3:a:streamlink:streamlink:7.1.2
-
cpe:2.3:a:streamlink:streamlink:7.1.3
-
cpe:2.3:a:streamlink:streamlink:7.2.0
-
cpe:2.3:a:streamlink:streamlink:7.3.0
-
cpe:2.3:a:streamlink:streamlink:7.4.0
-
cpe:2.3:a:streamlink:streamlink:7.5.0
-
cpe:2.3:a:streamlink:streamlink:7.6.0
-
cpe:2.3:a:streamlink:streamlink:8.0.0
-
cpe:2.3:a:streamlink:streamlink:8.1.0
-
cpe:2.3:a:streamlink:streamlink:8.1.1
-
cpe:2.3:a:streamlink:streamlink:8.1.2
-
cpe:2.3:a:streamlink:streamlink:8.2.0
-
cpe:2.3:a:streamlink:streamlink:8.2.1
-
cpe:2.3:a:streamlink:streamlink:8.3.0