CVE ID :CVE-2026-47114 Published : May 21, 2026, 8:16 p.m. | 45 minutes ago Description :IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that passes unvalidated mpv_options/input-commands parameters into the mpv runtime, causing arbitrary command execution as the current macOS user upon approval of the browser protocol prompt without requiring a valid media file. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...