Description
remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.
Published: 2026-06-15
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in remotion-dev remotion version 4.0.409 permits an attacker to execute arbitrary code. The vulnerability is identified as a remote code execution (CWE‑94) and allows execution with the privilege level of the application, potentially compromising the host system.

Affected Systems

The affected product is remotion-dev remotion version 4.0.409. No other affected versions are listed.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical flaw. The EPSS score is reported as less than 1 %, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because the bug is listed as a remote code execution flaw, it can be triggered from an external source.

Generated by OpenCVE AI on June 18, 2026 at 01:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade remotion-dev remotion to a version newer than 4.0.409 that contains the fix.
  • If an upgrade cannot be performed immediately, consider disabling the feature that allows remote code execution or restricting its exposure to trusted hosts.
  • Deploy application-level monitoring to detect unusual execution patterns or calls to unsafe functions.

Generated by OpenCVE AI on June 18, 2026 at 01:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2jqp-f4gr-44fr Remotion: remote code execution (RCE) vulnerability
History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Remotion-dev
Remotion-dev remotion
Vendors & Products Remotion-dev
Remotion-dev remotion

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution Vulnerability in remotion-dev remotion v4.0.409

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution Vulnerability in remotion-dev remotion v4.0.409

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.
References

Subscriptions

Remotion-dev Remotion
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T13:11:50.623Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30120

cve-icon Vulnrichment

Updated: 2026-06-16T13:11:39.218Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:25.457

Modified: 2026-06-16T15:16:36.727

Link: CVE-2026-30120

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:46:50Z

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')