Opds Talon
CVE-2026-26097
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
AnalysisAI
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local attackers with user privileges to manipulate configuration file search paths through crafted requests, potentially enabling unauthorized modification of application behavior. An attacker could exploit this to alter critical configuration settings without elevated permissions. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-427 (Uncontrolled Search Path Element). Affects Opds-Talon. Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
RemediationAI
Monitor vendor advisories for a patch.
More in Opds Talon
View allCommand injection in Owl OPDS 2.2.0.4. EPSS 0.29%.
Command injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Owl OPDS 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipul
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manip
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today