What is CVE-2026-44482?

CVE-2026-44482 is a critical-severity vulnerability in Richardhbtz Soundcloud-rpc, classified under Improper Input Validation. CVSS score: 9.6/10. Published 2026-05-14.

How severe is CVE-2026-44482?

Critical severity. CVSS v3 base score is 9.6 out of 10.

RCE in Richardhbtz Soundcloud-rpc

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCl…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (31.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Richardhbtz Soundcloud-rpc — versions < 0.1.8

Weakness classification (CWE)

CWE-20 — Improper Input Validation
CWE-79 — Cross-site Scripting
CWE-94 — Code Injection
CWE-862 — Missing Authorization

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-44482?: CVE-2026-44482 is a critical-severity vulnerability in Richardhbtz Soundcloud-rpc, classified under Improper Input Validation. CVSS score: 9.6/10. Published 2026-05-14.
How severe is CVE-2026-44482?: Critical severity. CVSS v3 base score is 9.6 out of 10.