CVE-2026-44482 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: May 14, 2026
soundcloud-rpc - Stored XSS
Overview
soundcloud-rpc < 0.1.8 contains a stored XSS caused by rendering untrusted track metadata as raw HTML in Electron views with Node.js integration, letting attackers execute local commands, exploit requires malicious track metadata.
Severity & Score
Impact
Attackers can execute local commands on the user's machine via crafted track metadata, leading to full system compromise.
Mitigation
Update to version 0.1.8 or later.
Social Media Activity(2 posts)
š“ CVE-2026-44482 - Critical (9.6) soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud trac... š https://www.thehackerwire.com/vulnerability/CVE-2026-44482/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-44482 - Critical (9.6) soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud trac... š https://www.thehackerwire.com/vulnerability/CVE-2026-44482/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-44482
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- stored_xss
- Status
- rejected
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H