Opds Talon
CVE-2026-26098
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
AnalysisAI
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipulate configuration file search paths through crafted requests, potentially leading to unauthorized modification of application behavior. With no available patch and an EPSS score of 0%, this vulnerability currently poses minimal exploitation risk but could allow privilege escalation or security bypass for users with local access to the system.
Technical ContextAI
Classified as CWE-427 (Uncontrolled Search Path Element). Affects Opds-Talon. Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
RemediationAI
Monitor vendor advisories for a patch.
More in Opds Talon
View allCommand injection in Owl OPDS 2.2.0.4. EPSS 0.29%.
Command injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Owl OPDS 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipul
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local attackers with user privileges t
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today