Is macOS affected by CVE-2026-28412?

Organizations using Textream should be aware of notable risk from CVE-2026-28412, a resource exhaustion vulnerability rated CVSS 6.5. Service availability could be impacted. Proof-of-concept code is publicly available.

CVE-2026-28412

MEDIUM

2026-03-02 [email protected]

6.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 10, 2026 - 18:23 vuln.today

Public exploit code

Patch Released

Mar 10, 2026 - 18:23 nvd

Patch available

CVE Published

Mar 02, 2026 - 16:16 nvd

MEDIUM 6.5

Description

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server with connections, causing the Textream application to freeze and crash during a live session. Version 1.5.1 fixes the issue.

Analysis

Textream versions prior to 1.5.1 lack connection limits on the DirectorServer WebSocket, allowing remote attackers to trigger denial of service by flooding the server with requests that trigger periodic state broadcasts, exhausting system resources and crashing the application during live sessions. Public exploit code exists for this vulnerability. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +32

POC: +20

CVE-2026-28412 vulnerability details – vuln.today

Back

CVE-2026-28412

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-28412

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code