Skip to main content

Audiobookshelf CVE-2026-42885

| EUVD-2026-29208 MEDIUM
Path Traversal (CWE-22)
2026-05-11 GitHub_M
Path Traversal
4.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
May 11, 2026 - 21:03 EUVD
Analysis Generated
May 11, 2026 - 20:31 vuln.today
CVE Published
May 11, 2026 - 19:52 nvd
MEDIUM 4.3

DescriptionNVD

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix (e.g., /audiobooks vs /audiobooks-private), allowing authenticated users with upload permission to probe file existence outside their authorized library folder boundaries. This vulnerability is fixed in 2.32.2.

AnalysisAI

Authenticated users with upload permission in Audiobookshelf prior to 2.32.2 can enumerate files outside their authorized library folder through a path traversal vulnerability in the POST /api/filesystem/pathexists endpoint. The vulnerability exploits a weak String.startsWith() validation that fails to distinguish between sibling directories with shared prefixes (e.g., /audiobooks and /audiobooks-private), allowing information disclosure about file existence across library boundaries despite authentication requirements. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-42885 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy