CVE-2026-28412 is a resource exhaustion vulnerability categorized under CWE-400, found in the Textream macOS teleprompter application prior to version 1.5.1. The root cause lies in the DirectorServer WebSocket server component, which lacks restrictions on the number of concurrent client connections. The server also employs a broadcast timer that sends state updates to all connected clients every 100 milliseconds. An attacker can exploit this design flaw by establishing a large number of simultaneous WebSocket connections, causing the server to repeatedly send state data to an excessive number of clients. This results in uncontrolled consumption of CPU and memory resources, ultimately causing the Textream application to freeze and crash during active sessions. The vulnerability affects availability (denial of service) but does not compromise confidentiality or integrity. The CVSS v3.1 base score is 6.5, reflecting a medium severity level, with network attack vector, low attack complexity, no privileges required, but requiring user interaction. The vulnerability was publicly disclosed on March 2, 2026, and fixed in version 1.5.1 by introducing limits on concurrent connections to the WebSocket server. There are no known exploits reported in the wild at this time.

This vulnerability primarily impacts the availability of the Textream application during live teleprompter sessions. An attacker can cause denial of service by exhausting CPU and memory resources, leading to application freezes and crashes. For organizations relying on Textream for live presentations, broadcasts, or events, this can result in significant operational disruption, loss of productivity, and potential reputational damage. Since the attack requires no authentication but does require user interaction (e.g., the user running the vulnerable version), the risk is somewhat mitigated but still notable. The lack of impact on confidentiality and integrity limits the scope to availability concerns. However, in environments where continuous uptime is critical, such as media production or live event management, this vulnerability could have a material effect. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation.

To mitigate this vulnerability, organizations should upgrade Textream to version 1.5.1 or later, where the issue is resolved by enforcing limits on concurrent WebSocket connections. Until the upgrade can be applied, network-level controls such as WebSocket connection rate limiting and IP-based connection throttling can reduce the risk of flooding attacks. Deploying application-layer firewalls or intrusion prevention systems that monitor and restrict excessive WebSocket connections can also help. Additionally, educating users about the risks of running outdated versions and encouraging prompt updates is critical. Monitoring application performance and logs for unusual spikes in WebSocket connections or resource usage can provide early detection of attempted exploitation. Finally, isolating the teleprompter application within a segmented network zone can limit the blast radius of any attack.