NVD HIGH: CVE-2026-47114 — IINA before 1.4.3 contains a user-assisted command execution vulnerability that ...

Thursday, May 21, 2026 at 08:16 PM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 07:00 PM UTC

Executive Summary

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that passes unvalidated mpv_options/input-commands parameters into the mpv runtime, causing arbitrary command e

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-47114

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 21, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight

The former Colorado election clerk struck an unrepentant pose in her first interview after her prison sentence was commuted by Colorado Governor Jared Polis. The post Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight appeared first on CyberScoop .

41m agoCyberScoop

MEDIUMVulnerability

NSA selects new leads for key cybersecurity posts

David Imbordino, an NSA senior executive who most recently led its cybersecurity directorate in an acting capacity, has been named as its new chief. Bruce Jones, a career NSA technical and operational leader, as the new head of its Cybersecurity Collaboration Center.

1h agoThe Record

LOWVulnerability

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek .

CVE-2026-8732

2h agoSecurityWeek