CVE-2026-48055
Status: Received - Intake
Zip Slip Vulnerability in Streambert Desktop App

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: GitHub, Inc.

Description
Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products (4 associated CPEs)

Vendor        Product       Version / Range
streambert    streambert    up to 2.5.0 (excluding)
streambert    streambert    2.5.0
truelockmc    streambert    up to 2.5.0 (excluding)
truelockmc    streambert    2.5.0
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
AI Quick Actions
Compliance Impact

The vulnerability allows arbitrary file writes on the host filesystem due to path traversal in ZIP archive extraction. This could potentially lead to unauthorized modification or disruption of system files, impacting the integrity and availability of data.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, such a vulnerability could pose risks to compliance by enabling attackers to alter or disrupt sensitive data or system operations, which may violate data protection and security requirements mandated by these regulations.

Executive Summary

CVE-2026-48055 is a high-severity Zip Slip vulnerability found in Streambert, a cross-platform Electron Desktop App used to stream and download video media. In versions 2.4.0 and earlier, the app's subtitle extraction logic does not properly sanitize filenames inside ZIP archives. This allows a malicious ZIP file containing path traversal sequences to escape the intended extraction directory and write arbitrary files anywhere on the host filesystem, depending on the app's write permissions.

The vulnerability occurs because the application constructs the destination file path by directly concatenating the raw archive entry name to a temporary directory path without removing directory traversal characters. This flaw was fixed in version 2.5.0 by sanitizing filenames to remove such sequences.

Impact Analysis

This vulnerability can have severe impacts because it allows attackers to write arbitrary files to the host filesystem without any privileges or user interaction. This can lead to compromise of the system's integrity and availability.

  • Attackers can overwrite or create files anywhere on the system, potentially leading to code execution, data corruption, or denial of service.
  • Since the vulnerability requires no privileges or user interaction, it can be exploited remotely by tricking the application into processing a malicious ZIP archive.

Detection Guidance

This vulnerability involves the extraction of ZIP archives with malicious filenames that perform path traversal. Detection can focus on monitoring the extraction process of subtitle ZIP files by Streambert versions 2.4.0 and earlier.

You can check for suspicious file writes outside the expected temporary directory during subtitle extraction. For example, monitor file system activity for unexpected file creations or modifications outside the application's temp folder.

Commands to help detect exploitation attempts might include:

  • Using auditd or inotifywait to watch the temporary extraction directory and surrounding filesystem for unexpected file writes.
  • On Linux, use commands like `inotifywait -m /tmp/streambert_subtitle_extract` (replace with actual temp path) to monitor file creation events.
  • Search for suspicious ZIP files with directory traversal entries using unzip or zipinfo, for example: `zipinfo suspicious.zip | grep '\.\./'` to detect path traversal sequences in archive entries.
  • Check Streambert version installed with commands like `streambert --version` or inspecting the application metadata to confirm if it is version 2.4.0 or earlier, which are vulnerable.

Mitigation Strategies

The primary mitigation step is to upgrade Streambert to version 2.5.0 or later, where this vulnerability has been fixed by sanitizing archive entry filenames during extraction.

Until the upgrade is applied, avoid processing untrusted or suspicious subtitle ZIP archives with Streambert, as they may contain malicious path traversal payloads.

Additionally, restrict the application's write permissions to limit the impact of any potential exploitation.

Monitor filesystem activity around the temporary extraction directories to detect any unusual file writes.
