CVE-2026-30121: remotion-dev remotion v4
remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.
Metrics
- CVSS v3.1: 9.1
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
An arbitrary file write vulnerability affects remotion-dev remotion v4.0.409. It is reachable over the network and requires no authentication, meaning any client that can reach the service can trigger the flaw. Successful exploitation allows an attacker to write arbitrary files to the host filesystem, enabling tampering with application data or escalation to remote code execution by overwriting executable paths or configuration. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix is published.
HarborGuard Coverage
- Detection: Available. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that package remotion v4.0.409.
- Scoring and routing: Available. HarborGuard scores this issue at CVSS 9.1 (Critical), applies per-environment compliance policy weighting to determine urgency, then routes the finding to the appropriate team inbox within each customer organization.
- Patched rebuild: Pending upstream. Because no fix version has been published upstream, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a remediated release appears. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention.
Exploit Conditions
- Network reachability: Required
The vulnerable service must be reachable over the network; an attacker sends a crafted request from any remote host without needing LAN or physical access.
- Authentication: Not required
No credentials or session token are needed; the exploit is available to any unauthenticated client that can reach the endpoint.
- Victim interaction: Not required
The attacker does not need to trick a user into any action; exploitation is fully server-side.
- Attack complexity: Low (AC:L in the CVSS vector)
Exploitation is reliable and condition-free; no race conditions, memory layout knowledge, or special environmental state is required.
Blast Radius
- Attacker writes arbitrary files to any path the process user can reach on the host filesystem.
- Overwriting scripts, binaries, or configuration files on the host can lead to remote code execution on the next invocation of those files.
- Application data and persisted state stored on the filesystem can be modified or replaced, corrupting outputs or poisoning downstream consumers.
- Integrity of the container image or mounted volumes is compromised, which may propagate malicious content to sibling containers sharing the same storage.
How HarborGuard Handles This
Available on HarborGuard: detection for this Critical-severity arbitrary file write is active across all connected registries and pipelines, matching any image that bundles remotion v4.0.409. Because no upstream fix exists yet, HarborGuard monitors the advisory on every ingest cycle and will trigger a patched-image rebuild automatically once a remediated version is released. For customers with auto-remediation enabled, that rebuild will be followed by a regression-test run and a PR opened against affected workloads. In the interim, compensating controls worth considering include network-policy rules that restrict which clients can reach the remotion service, egress filtering to limit what the process can write outside its intended working directory, and feature-flag gating to disable the affected functionality until a patch is available.
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H