Opds Talon
CVE-2026-26099
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
AnalysisAI
Owl OPDS 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipulate configuration file search paths through a crafted request, potentially leading to unauthorized modification of application behavior or settings. With no available patch, this medium-severity issue (CVSS 5.5) poses a risk to systems running the affected version where local user access is possible.
Technical ContextAI
Classified as CWE-427 (Uncontrolled Search Path Element). Affects Opds-Talon. Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
RemediationAI
Monitor vendor advisories for a patch.
More in Opds Talon
View allCommand injection in Owl OPDS 2.2.0.4. EPSS 0.29%.
Command injection in Owl OPDS 2.2.0.4 — duplicate of CVE-2026-26093.
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manip
Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local attackers with user privileges t
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today