CVE-2026-28427: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in nekename OpenDeck
CVE-2026-28427 is a path traversal vulnerability in OpenDeck versions prior to 2. 8. 1, a Linux software for Elgato Stream Deck devices. The service listens on port 57118 and serves static files for installed plugins but fails to properly sanitize path components. An attacker can exploit this by including '.. /' sequences in the request path to access files outside the intended directory, potentially reading any file accessible by OpenDeck. Exploitation requires network access to the service and user interaction, with a medium complexity due to the need for crafted requests. The vulnerability does not require authentication but has a medium CVSS score of 5. 9. It is fixed in version 2.
AI Analysis
Technical Summary
OpenDeck is a Linux-based software designed to interface with Elgato Stream Deck devices, providing plugin support and static file serving over a network service listening on port 57118. Prior to version 2.8.1, OpenDeck's file-serving component improperly handles pathname sanitization, specifically failing to restrict directory traversal sequences such as '../' in HTTP request paths. This flaw allows an unauthenticated remote attacker to craft requests that traverse outside the intended plugin directories and access arbitrary files on the host system that the OpenDeck process can read. The vulnerability is categorized under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-24 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The CVSS 4.0 vector indicates network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:A), and impacts confidentiality with high scope impact (VC:H, SI:L, SA:L). Although exploitation requires user interaction, the attacker does not need authentication, making it a significant risk for exposed OpenDeck services. No known exploits are currently reported in the wild. The vulnerability is resolved in OpenDeck version 2.8.1 by proper path sanitization and validation to prevent directory traversal.
Potential Impact
This vulnerability allows attackers to read arbitrary files on systems running vulnerable OpenDeck versions, potentially exposing sensitive configuration files, credentials, or other private data accessible by the OpenDeck process. For organizations using OpenDeck in production or streaming environments, this could lead to information disclosure, aiding further attacks or espionage. Since the service listens on a network port, any exposed instance could be targeted remotely. The requirement for user interaction slightly reduces risk but does not eliminate it, especially in environments where users might be tricked into initiating malicious requests. The impact on confidentiality is high, while integrity and availability are not directly affected. The medium CVSS score reflects the moderate ease of exploitation and the scope of affected systems. Organizations relying on OpenDeck for streaming or automation should consider the risk of data leakage and potential lateral movement within their networks.
Mitigation Recommendations
The primary mitigation is to upgrade OpenDeck to version 2.8.1 or later, where the vulnerability is fixed. Until upgrade is possible, organizations should restrict network access to port 57118 using firewalls or network segmentation to limit exposure to trusted users only. Monitoring and logging access to the OpenDeck service can help detect suspicious path traversal attempts. Additionally, running OpenDeck with the least privileges necessary reduces the impact of potential file disclosure. Employing host-based intrusion detection systems (HIDS) to alert on unusual file access patterns may also help. Educate users about the risks of interacting with untrusted content that could trigger malicious requests. Finally, consider disabling the static file serving feature if it is not required for operational purposes.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Sweden
CVE-2026-28427: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in nekename OpenDeck
Description
CVE-2026-28427 is a path traversal vulnerability in OpenDeck versions prior to 2. 8. 1, a Linux software for Elgato Stream Deck devices. The service listens on port 57118 and serves static files for installed plugins but fails to properly sanitize path components. An attacker can exploit this by including '.. /' sequences in the request path to access files outside the intended directory, potentially reading any file accessible by OpenDeck. Exploitation requires network access to the service and user interaction, with a medium complexity due to the need for crafted requests. The vulnerability does not require authentication but has a medium CVSS score of 5. 9. It is fixed in version 2.
AI-Powered Analysis
Technical Analysis
OpenDeck is a Linux-based software designed to interface with Elgato Stream Deck devices, providing plugin support and static file serving over a network service listening on port 57118. Prior to version 2.8.1, OpenDeck's file-serving component improperly handles pathname sanitization, specifically failing to restrict directory traversal sequences such as '../' in HTTP request paths. This flaw allows an unauthenticated remote attacker to craft requests that traverse outside the intended plugin directories and access arbitrary files on the host system that the OpenDeck process can read. The vulnerability is categorized under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-24 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The CVSS 4.0 vector indicates network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:A), and impacts confidentiality with high scope impact (VC:H, SI:L, SA:L). Although exploitation requires user interaction, the attacker does not need authentication, making it a significant risk for exposed OpenDeck services. No known exploits are currently reported in the wild. The vulnerability is resolved in OpenDeck version 2.8.1 by proper path sanitization and validation to prevent directory traversal.
Potential Impact
This vulnerability allows attackers to read arbitrary files on systems running vulnerable OpenDeck versions, potentially exposing sensitive configuration files, credentials, or other private data accessible by the OpenDeck process. For organizations using OpenDeck in production or streaming environments, this could lead to information disclosure, aiding further attacks or espionage. Since the service listens on a network port, any exposed instance could be targeted remotely. The requirement for user interaction slightly reduces risk but does not eliminate it, especially in environments where users might be tricked into initiating malicious requests. The impact on confidentiality is high, while integrity and availability are not directly affected. The medium CVSS score reflects the moderate ease of exploitation and the scope of affected systems. Organizations relying on OpenDeck for streaming or automation should consider the risk of data leakage and potential lateral movement within their networks.
Mitigation Recommendations
The primary mitigation is to upgrade OpenDeck to version 2.8.1 or later, where the vulnerability is fixed. Until upgrade is possible, organizations should restrict network access to port 57118 using firewalls or network segmentation to limit exposure to trusted users only. Monitoring and logging access to the OpenDeck service can help detect suspicious path traversal attempts. Additionally, running OpenDeck with the least privileges necessary reduces the impact of potential file disclosure. Employing host-based intrusion detection systems (HIDS) to alert on unusual file access patterns may also help. Educate users about the risks of interacting with untrusted content that could trigger malicious requests. Finally, consider disabling the static file serving feature if it is not required for operational purposes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-02-27T15:54:05.137Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69a88c81d1a09e29cb6b4cb3
Added to database: 3/4/2026, 7:48:17 PM
Last enriched: 3/4/2026, 8:03:16 PM
Last updated: 3/4/2026, 9:16:12 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-70225: n/a
HighCVE-2025-70221: n/a
HighCVE-2025-46108: n/a
HighCVE-2025-70219: n/a
HighCVE-2026-28435: CWE-400: Uncontrolled Resource Consumption in yhirose cpp-httplib
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.