PT-2026-23044 · Elgato+1 · Elgato Stream Deck+1
Ambiso · Published 2026-03-04 · Updated 2026-03-05
CVE-2026-28427
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenDeck versions prior to 2.8.1
Description
OpenDeck is Linux software for the Elgato Stream Deck. The service listening on port 57118 serves static files for installed plugins without proper path sanitization. An attacker can use '../' sequences in the request path to traverse outside the intended directory and read arbitrary files accessible to OpenDeck.
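For anyone maintaining a similar static-file handler, the sketch below contrasts a plain path join with a component-by-component containment check. It is an added example, not OpenDeck's code or its 2.8.1 fix; the function names, the `/srv/plugins` root and the sample request paths are constructed assumptions.

```rust
use std::path::{Component, Path, PathBuf};

/// Resolve an already percent-decoded request path beneath `root`.
/// Returns None as soon as a component could step outside `root`.
/// (Hypothetical helper; purely lexical, so it never touches the disk.)
fn resolve_under_root(root: &Path, request_path: &str) -> Option<PathBuf> {
    // NUL bytes and backslashes have no place in a plugin asset path.
    if request_path.contains('\0') || request_path.contains('\\') {
        return None;
    }
    let mut resolved = root.to_path_buf();
    for component in Path::new(request_path.trim_start_matches('/')).components() {
        match component {
            // Ordinary file or directory name: descend into it.
            Component::Normal(part) => resolved.push(part),
            // "." changes nothing.
            Component::CurDir => {}
            // "..", a second root, or a drive prefix: refuse the request
            // outright instead of trying to "clean" it.
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => return None,
        }
    }
    // A handler that may encounter symlinks should additionally
    // canonicalize the result and confirm it still starts with `root`.
    Some(resolved)
}

/// The unsafe pattern for comparison: "../" survives the join and the
/// operating system resolves it when the file is opened.
fn naive_join(root: &Path, request_path: &str) -> PathBuf {
    root.join(request_path.trim_start_matches('/'))
}

fn main() {
    let root = Path::new("/srv/plugins"); // constructed plugin directory
    // Constructed request paths: one legitimate asset, one traversal.
    for req in ["/demo.sdPlugin/icon.png", "/demo.sdPlugin/../../outside.txt"] {
        println!("request  {req}");
        println!("  naive   -> {}", naive_join(root, req).display());
        match resolve_under_root(root, req) {
            Some(p) => println!("  checked -> {}", p.display()),
            None => println!("  checked -> rejected"),
        }
    }
}
```

Rejecting the request is preferable to stripping "../" from it, because a single-pass strip can leave a new "../" behind.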
Recommendations
Update to OpenDeck version 2.8.1 or later.
Exploit
Fix
Path traversal
Related Identifiers
Affected Products
Elgato Stream Deck
OpenDeck