CVE-2026-2629 – jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection

CVE ID : CVE-2026-2629

Published : Feb. 17, 2026, 10:18 p.m. | 41 minutes ago

Description : A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-2629 – jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-2622 – Blossom Article Title ArticleController.java content cross site scripting

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2025-13689 – DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

CVE-2026-2627 – Softland FBackup Backup/Restore HID.dll link following

CVE-2026-2623 – Blossom File Upload BLOSManager.java put path traversal

CVE-2025-36348 – The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure