
Audiobookshelf EUVD-2026-29206 | CVE-2026-42883
Severity: MEDIUM, 6.5 (CVSS 3.1, GitHub Advisory)
Weakness: Incorrect Authorization (CWE-863)
Published: 2026-05-11 (GitHub_M)

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch available: May 11, 2026 - 21:03 (EUVD)
Analysis Generated: May 11, 2026 - 20:31 (vuln.today)
CVE Published: May 11, 2026 - 19:51 (nvd)

Description (GitHub Advisory)

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining them to that library. An authenticated user with download permission and access to any one library can exfiltrate the full file contents of items belonging to any other library, including libraries they are explicitly denied access to. This vulnerability is fixed in 2.32.2.

Analysis (AI)

Authenticated users with download permissions in Audiobookshelf prior to 2.32.2 can download files from libraries they do not have access to by directly specifying item IDs in the GET /api/libraries/:id/download endpoint, bypassing library access controls. An attacker with valid credentials and access to any single library can exfiltrate complete file contents from restricted libraries, including those explicitly denied to them.
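The flaw the description and analysis above describe is a lookup that is not constrained by the authorization check that precedes it. The following is an added illustration, not Audiobookshelf's own code: a simplified download handler with that shape, beside a hardened version that ties every requested item to the library the caller was authorized for. The data model, user fields and function names are assumptions.

```javascript
// Constructed in-memory data standing in for the server's database
// (assumed shape; not Audiobookshelf's real schema).
const libraries = { libA: { id: 'libA' }, libB: { id: 'libB' } };
const items = [
  { id: 'item1', libraryId: 'libA', path: '/data/libA/book1.m4b' },
  { id: 'item2', libraryId: 'libB', path: '/data/libB/restricted.m4b' },
];
// The user may download, but is granted libA only; libB is denied.
const user = { id: 'u1', canDownload: true, librariesAccessible: ['libA'] };

function userHasLibraryAccess(u, libraryId) {
  return u.canDownload && u.librariesAccessible.includes(libraryId);
}

// Vulnerable pattern: the library in the path is checked, but the items
// are then looked up purely by caller-supplied IDs, so an ID from any
// library is served as long as the caller may enter the path library.
function downloadVulnerable(u, libraryId, itemIds) {
  if (!libraries[libraryId] || !userHasLibraryAccess(u, libraryId)) {
    return { status: 403, files: [] };
  }
  const wanted = new Set(itemIds);
  const found = items.filter((it) => wanted.has(it.id));
  return { status: 200, files: found.map((it) => it.path) };
}

// Hardened pattern: the lookup itself is constrained to the authorized
// library, and the request fails closed if any ID does not resolve there.
function downloadFixed(u, libraryId, itemIds) {
  if (!libraries[libraryId] || !userHasLibraryAccess(u, libraryId)) {
    return { status: 403, files: [] };
  }
  const wanted = new Set(itemIds);
  const found = items.filter(
    (it) => wanted.has(it.id) && it.libraryId === libraryId
  );
  if (found.length !== wanted.size) {
    // An unknown ID, or one belonging to another library: deny the whole
    // request rather than silently serving the permitted subset.
    return { status: 403, files: [] };
  }
  return { status: 200, files: found.map((it) => it.path) };
}
```

The shape of the fix is the same whether the lookup is an ORM query or an in-memory filter: the library predicate belongs in the query that fetches the items, not only in a check that runs before it.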


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Authenticate to Audiobookshelf
Delivery: Obtain valid sessionToken/credentials
Exploit: Discover target item ID via reconnaissance
Install: Send GET request to /api/libraries/[authorized_lib_id]/download with itemId=[target_lib_item_id]
C2: Server validates access to authorized library only
Execute: Server retrieves and returns file from unauthorized library
Impact: Attacker receives full file contents

Vulnerability Assessment (AI)

Exploitation: The attacker must be an authenticated user with download permissions granted for at least one library in the Audiobookshelf instance. …

Risk Assessment: CVSS 6.5 (Network, Low Complexity, Low Privilege) with High Confidentiality Impact reflects realistic risk: the vulnerability requires valid authentication and download permission (a non-zero privilege requirement) but is otherwise straightforward to exploit remotely without user interaction. …

Exploit Scenario: An authenticated user with download permissions for Library A logs into Audiobookshelf and discovers the item ID of a restricted file in Library B (via error messages, metadata leakage, or prior reconnaissance). The attacker directly requests GET /api/libraries/[LibraryA_ID]/download?itemId=[LibraryB_item_ID]; the server validates their access to Library A, then fetches and returns the full contents of the Library B file without re-checking authorization. …

Remediation: Upgrade Audiobookshelf to version 2.32.2 or later immediately, as the vendor has released a patched version that corrects the authorization bypass. …


EUVD-2026-29206 vulnerability details – vuln.today