QwikSec

Security Database

CVE

CWE

Training

CVE-2026-28427

Published: Mar 4, 2026

Modified: Mar 4, 2026

PUBLISHED

Description

OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended directory and read any file OpenDeck can access. This vulnerability is fixed in 2.8.1.

Vendor	Product	Versions
nekename	OpenDeck	affected `< 2.8.1`

Weaknesses (CWE)

References

https://github.com/nekename/OpenDeck/security/advisories/GHSA-4974-g27q-h5m8

x_refsource_CONFIRM

https://github.com/nekename/OpenDeck/commit/488a52050017e95a72ba448226ac5e19a20dd9ed

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.