[HIGH] AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()

PKSA-tp22-rjkg-27h5 CVE-2026-33482 GHSA-pmj8-r2j7-xg6c

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub