Streambert Zip Slip Vulnerability Allows Arbitrary File Write

CVE advisory

Severity: CRITICAL (CVSS 10.0)

CVE-2026-48055

Streambert's subtitle extraction logic contains a Zip Slip vulnerability that allows attackers to write arbitrary files to the host filesystem if a malicious archive is processed. This could lead to system compromise.

Path Traversal

Halo Surface Signal

Very unlikely · external exposure

The vulnerability exists within a desktop client application designed for streaming and downloading video media. It is a client-side utility that operates locally on the user's host machine. It is not an internet-facing service, gateway, or network appliance, and its functions are not typically exposed to the public internet for remote interaction.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability in Streambert, a desktop application for streaming and downloading video, could allow an attacker to write arbitrary files to your systems. It occurs because the application does not properly check filenames when it extracts subtitle archives, which can enable unauthorized file placement.

  • Malicious archives can write files anywhere.
  • Confirms risk for users of this media app.
  • Verify if Streambert is deployed internally.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by tricking a user into opening a specially crafted ZIP archive. When Streambert processes this archive to extract subtitle files, it fails to properly validate the filenames within the archive. This allows the attacker to manipulate the extraction process, leading to arbitrary file writes on the user's system.

  • Requires user to open malicious archive.
  • Vulnerability triggered by subtitle extraction logic.
  • Risk of arbitrary file writes.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability in Streambert's subtitle extraction could allow a specially crafted ZIP archive to write arbitrary files to the host filesystem, subject to the application's permissions. This occurs when the application fails to sanitize filenames within downloaded ZIP archives during subtitle extraction, enabling path traversal.

  • Arbitrary file writes on host filesystem.
  • Malicious ZIP archive extraction.
  • Compromise of system integrity.

Operational Fix

Recommended remediation, mitigation, and detection steps

Action for Streambert's Zip Slip vulnerability likely falls to application owners and system administrators responsible for managing desktop applications. The initial step is to identify all instances of Streambert, confirm their reachability and criticality, and then determine the accountable owner before planning remediation.

  • Application owners should own the remediation.
  • Verify Streambert's presence and reachability.
  • Plan updates during maintenance windows.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-48055 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows path traversal, which can lead to arbitrary file writes and is a common cause for PCI ASV scan failures.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Frequently asked questions

What is Streambert and how is it used?

Streambert is a cross-platform desktop application built on Electron. It is primarily used by individuals to stream and download video media content directly to their local computers.

What does the Zip Slip vulnerability mean for CVE-2026-48055?

This CVE involves a weakness classified as Path Traversal (CWE-22) and Improper Input Validation (CWE-20). In plain terms, the software fails to check filenames inside ZIP archives. When extracting subtitles, it can be tricked into writing files outside the intended folder and onto other parts of your computer's storage.
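The missing filename check described above can be illustrated with the following Node.js code. It is an added example, not Streambert's code and not its fix; the function names, the `/tmp/subs-out` folder and the entry names are constructed for illustration. Each entry name is resolved against the extraction folder and rejected if the result lies outside it.

```javascript
const path = require('node:path');

// Return the absolute write target for one archive entry,
// or throw if the entry would be written outside destDir.
function resolveEntryPath(destDir, entryName) {
  if (typeof entryName !== 'string' || entryName === '' || entryName.includes('\0')) {
    throw new Error('invalid entry name');
  }
  // ZIP names use "/", but a crafted archive may use "\"; treat both as separators.
  const name = entryName.replace(/\\/g, '/');
  // Absolute and drive-qualified names ignore the extraction folder entirely.
  if (name.startsWith('/') || /^[A-Za-z]:/.test(name)) {
    throw new Error('absolute path');
  }
  const root = path.resolve(destDir);
  const target = path.resolve(root, name);
  // Compare resolved paths rather than searching the string for "..":
  // the relative path starts with ".." exactly when target is outside root.
  const rel = path.relative(root, target);
  if (rel === '' || rel.split(path.sep)[0] === '..' || path.isAbsolute(rel)) {
    throw new Error('escapes extraction directory');
  }
  return target;
}

// Check a whole archive listing before anything is written to disk.
function auditEntries(destDir, entryNames) {
  const safe = [];
  const rejected = [];
  for (const entryName of entryNames) {
    try {
      safe.push(resolveEntryPath(destDir, entryName));
    } catch (err) {
      rejected.push({ entryName, reason: err.message });
    }
  }
  return { safe, rejected };
}

// Constructed entry names, as a ZIP reader would list them.
const SAMPLE_ENTRIES = [
  'movie.en.srt', 'subs/movie.de.srt', 'subs/../movie.fr.srt', '..notes.srt',
  '../outside.srt', 'subs/../../outside.srt', '../subs-out-old/outside.srt',
  '/tmp/outside.srt', '..\\..\\outside.srt', 'C:\\outside.srt',
];
const report = auditEntries('/tmp/subs-out', SAMPLE_ENTRIES);
console.log(report.rejected.map((r) => `${r.entryName}: ${r.reason}`).join('\n'));
```

The check is purely lexical: it does not follow symbolic links, so an extractor that also restores symlink entries needs a separate check for those.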

How is this vulnerability triggered in Streambert?

The flaw is triggered specifically during the application's subtitle extraction process, which uses ZIP archives. It does not trigger during standard video streaming or when opening legitimate, safe files. An attacker must successfully convince the software to process a specially crafted ZIP file containing malicious path sequences.

Do I need to worry about CVE-2026-48055?

According to Halo Surface Signal, this is a client-side application meant for local use rather than an internet-facing service. While the vulnerability is critical, the likelihood of remote exploitation is very low because it is not a network appliance or gateway exposed to public traffic.

What should I do if I use Streambert?

If you are running Streambert, identify where it is installed on your systems. The most direct response is to update the software to version 2.5.0 or later, which contains the fix for the extraction logic. Coordinate with your team to plan this update if the application is managed across multiple devices.
