Vulnerabilities4 min read
PixelSmash FFmpeg Bug Turns Media Files Into RCE Weapons
CVE-2026-8461 is a heap overflow in FFmpeg's MagicYUV decoder that enables remote code execution via malicious video files. Jellyfin, Kodi, and Nextcloud affected.
Marcus ChenJun 23, 2026