A vulnerability was found in Xreader . It has been declared as critical . This impacts the function ev_spawn of the file ev-application.c . The manipulation results in command injection. This vulnerability is cataloged as CVE-2026-46529 . The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.