
We’ve just published a blog post with the full write-up for this issue, so be sure to check it out!
codeanlabs.com/2026/06/cve-20…
Codean@CodeanIO
We looked into Kdenlive and find out that opening someone else's project was not the best idea, since it could lead to Remote Code Execution. The vulnerability (CVE-2026-45184) has been patched in version 26.04.1, make sure to update and remember: do not trust FFmpeg parameters!
English




