Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.
Analysis
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.
More in Audiobookshelf
View allAudiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 8.2), this vulnerability is remo
Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.9), this vulnerability is re
Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is re
Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is re
Stored XSS in Audiobookshelf prior to version 2.32.0 enables privileged users to inject malicious code into library meta
Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.8), this vulnerability is re
audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.3), this vulnerability is re
Audiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 7.5), this vulnerability is remo
Audiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 7.5), this vulnerability is remo
Authenticated users with download permissions in Audiobookshelf prior to 2.32.2 can download files from libraries they d
Denial-of-service in Audiobookshelf prior to version 2.32.2 allows authenticated admin users to crash the server by uplo
Stored cross-site scripting (XSS) in Audiobookshelf prior to 2.33.0 allows authenticated administrators to inject malici
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29297