NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-42888

Summary	Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.
Publication Date	May 12, 2026, 6:19 a.m.
Registration Date	May 13, 2026, 4:11 a.m.
Last Update	May 13, 2026, 12:13 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-phch-9734-wrp3	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html