A vulnerability classified as critical was found in IINA up to 1.4.2 . Affected is an unknown function of the component URL Handler . Such manipulation leads to argument injection. This vulnerability is listed as CVE-2026-47114 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.