{"uuid": "ca4465ef-2f93-41ed-bfcf-d017435f84b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8461", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mp2hd3u43l2q", "content": "A critical vulnerability, CVE-2026-8461 (\"PixelSmash\"), in FFmpeg's MagicYUV decoder allows remote code execution via crafted media files. The flaw, with a CVSS score of 8.8, affects applications like Kodi and Jellyfin, enabling attackers to exploit the bug through media file uploads.", "creation_timestamp": "2026-06-24T17:36:55.452364Z"}