ZDI-26-133
HIGH 8.8
Published: Mar 03, 2026
Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability
Music Assistant contains a high-severity vulnerability (CVE-2026-26975) that allows network-adjacent attackers to execute arbitrary code on affected systems without authentication. As the advisory title indicates, the flaw is an external control of file path issue in _update_library_item. Successful exploitation could give an attacker complete control of a compromised installation. Security teams should prioritize patching Music Assistant immediately and restrict network access to the application until updates are available.