We looked into Kdenlive and find out that opening someone else's project was not the best idea, since it could lead to Remote Code Execution. The vulnerability (CVE-2026-45184) has been patched in version 26.04.1, make sure to update and remember: do not trust FFmpeg parameters!

@CodeanIO Time to check/realize that this is true un kdenlive, blender, and pretty any scriptable vidéo/photo software ! 🥰