Skip to main content

Xiaomusic

1 CVEs product

Monthly

CVE-2026-10108 PyPI HIGH PATCH GHSA This Week

{file_path:path} endpoint. The flaw stems from comparing an attacker-controlled absolute path against the music base path without a trailing separator, so sibling directories sharing the base name's prefix are reachable. No public exploit identified at time of analysis, but the upstream commit publicly discloses the exact bypass technique.

Path Traversal Xiaomusic
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

{file_path:path} endpoint. The flaw stems from comparing an attacker-controlled absolute path against the music base path without a trailing separator, so sibling directories sharing the base name's prefix are reachable. No public exploit identified at time of analysis, but the upstream commit publicly discloses the exact bypass technique.

Path Traversal Xiaomusic
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy