Is macOS affected by CVE-2026-28403?

Textream, a macOS teleprompter application, contains a WebSocket vulnerability that allows attackers to bypass origin validation and potentially hijack local sessions through cross-site WebSocket forgery attacks.

CVE-2026-28403

HIGH

2026-03-02 [email protected]

7.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 10, 2026 - 18:28 vuln.today

Public exploit code

Patch Released

Mar 10, 2026 - 18:28 nvd

Patch available

CVE Published

Mar 02, 2026 - 16:16 nvd

HIGH 7.6

Description

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP `Origin` header during the WebSocket handshake. A malicious web page visited in the same browser session can silently connect to the local WebSocket server and send arbitrary `DirectorCommand` payloads, allowing full remote control of the teleprompter content. Version 1.5.1 fixes the issue.

Analysis

Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websites to establish unauthorized connections to the local DirectorServer and inject arbitrary commands. An attacker can exploit this from a browser to gain full remote control of teleprompter content without user interaction beyond visiting a compromised page. …

Remediation

Within 24 hours: Identify and inventory all macOS systems running Textream versions prior to 1.5.1 and restrict network access to affected systems. Within 7 days: Update all instances of Textream to version 1.5.1 or later and verify successful patch deployment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: +20

CVE-2026-28403 vulnerability details – vuln.today

Back

CVE-2026-28403

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-28403

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code