CVE-2026-28412

Name of the Vulnerable Software and Affected Versions Textream versions prior to 1.5.1

Description Textream, a macOS teleprompter application, is susceptible to a denial-of-service condition. The DirectorServer WebSocket server does not limit concurrent connections. This, combined with a broadcast timer sending state updates to all connected clients every 100 milliseconds, allows an attacker to deplete CPU and memory resources by establishing numerous connections. This can lead to the Textream application freezing and crashing, particularly during live sessions. The vulnerable component is the DirectorServer WebSocket server.

Recommendations Update to version 1.5.1 or later.