Description
remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.
Published: 2026-06-15
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in remotion remotion v4.0.409 permits an attacker to write arbitrary files to the file system. The vulnerability can be used to overwrite critical files or deploy malicious payloads, leading to potential code execution, data tampering, or system compromise. The weakness is categorized as CWE-123, which signals insufficient validation of file paths during write operations.

Affected Systems

The only identified product affected is remotion remotion, version 4.0.409. No broader vendor or product range is documented, so the impact is confined to systems running that specific version.

Risk and Exploitability

The CVSS score of 9.1 marks it as Critical, yet the EPSS score is below 1%, indicating a very low likelihood of exploitation at present. The vulnerability is not listed in CISA KEV, which limits known exploitation evidence. The path to exploitation is inferred to require an attacker with the ability to execute code within the remotion environment or to exploit it remotely through an unprotected interface, but the exact attack vector is not detailed in the advisory.

Generated by OpenCVE AI on June 16, 2026 at 22:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a remotion v4.0.410 release or later that addresses the file write flaw
  • If a newer version is unavailable, bind the deployment directory or environment to read‑only permissions to block unauthorized writes
  • Implement process monitoring to detect unexpected file changes or creation events in the remotion installation directory

Generated by OpenCVE AI on June 16, 2026 at 22:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Write in Remotion remotion v4.0.409

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-123
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T13:13:53.418Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30121

cve-icon Vulnrichment

Updated: 2026-06-16T13:13:47.783Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:25.570

Modified: 2026-06-16T15:16:36.897

Link: CVE-2026-30121

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:00:06Z

Weaknesses
  • CWE-123

    Write-what-where Condition