Description
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass the .m3u extension enforcement and write files anywhere on the filesystem, which is exacerbated by the container running as root. This can be exploited to achieve Remote Code Execution by writing a malicious .pth file to the Python site-packages directory, which will execute arbitrary commands when Python loads. This issue has been fixed in version 2.7.0.
Published: 2026-02-20
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The music/playlists/update API in Music Assistant allows unauthenticated network-adjacent attackers to bypass the file extension check that is meant to restrict playlist writes to .m3u files. By supplying an arbitrary file path, an attacker can overwrite any file on the host filesystem. Because the container runs as root, an attacker can place a malicious .pth file in the Python site-packages directory, which the interpreter processes and executes whenever Python starts. The result is remote code execution with full host privileges.

Affected Systems

Users running Music Assistant server versions 2.6.3 or earlier are affected. The issue was addressed in release 2.7.0, which removes the unsafe file‑write capability and tightens path validation and extension enforcement.
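The hardening the fix describes, tightened path validation and extension enforcement, in the form a defender would review it; this is an added Python example, not Music Assistant's own code, and the base directory, function names and sample playlist names are assumptions. It enforces containment and the .m3u suffix on the resolved path rather than on the raw request string, which is the distinction a string-only suffix check misses.

```python
from pathlib import Path

PLAYLIST_EXT = ".m3u"
# Constructed example base directory; the real server's playlist location is not assumed here.
DEMO_BASE = "/tmp/ma_playlists_demo"


class PlaylistPathError(ValueError):
    """Raised when a requested playlist path is rejected."""


def naive_is_m3u(name: str) -> bool:
    """A string-only extension check: it never looks at where the file would land."""
    return name.lower().endswith(PLAYLIST_EXT)


def resolve_playlist_path(base_dir: str, name: str) -> Path:
    """Return the absolute path a playlist write may touch, or raise.

    All rules run on the fully resolved path, so '..' segments and symlinks
    are collapsed before containment and extension are checked.
    """
    if not name or Path(name).is_absolute():
        raise PlaylistPathError("empty or absolute playlist name")
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()  # collapses '..' and follows symlinks
    # Containment: the target must sit below the playlist directory.
    if base not in candidate.parents:
        raise PlaylistPathError(f"path escapes playlist directory: {candidate}")
    # Extension and name rules apply to the resolved target, not the raw input.
    if candidate.suffix.lower() != PLAYLIST_EXT or not candidate.stem:
        raise PlaylistPathError(f"playlist must be a named {PLAYLIST_EXT} file: {candidate}")
    return candidate


def is_safe_playlist_name(base_dir: str, name: str) -> bool:
    """Boolean wrapper around resolve_playlist_path for quick checks."""
    try:
        resolve_playlist_path(base_dir, name)
        return True
    except PlaylistPathError:
        return False


def write_playlist(base_dir: str, name: str, entries: list) -> Path:
    """Write an M3U playlist only after the path has passed validation."""
    target = resolve_playlist_path(base_dir, name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text("#EXTM3U\n" + "".join(f"{entry}\n" for entry in entries))
    return target
```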

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score below 1% suggests a low probability of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers on an adjacent network can exploit the flaw by reaching the API endpoint without authentication, and the endpoint is often exposed over local network connections. Because the container runs as root and the API performs unrestricted file writes, successful exploitation grants full control over the host system.

Generated by OpenCVE AI on April 18, 2026 at 11:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade music‑assistant server to version 2.7.0 or later, which removes the vulnerable API endpoint and enforces safe file handling
  • If upgrade is not immediately possible, restrict API access to trusted internal networks or require authentication before allowing playlist updates
  • Run the music‑assistant container with non‑root privileges to limit the impact of any remaining file‑write capabilities

Generated by OpenCVE AI on April 18, 2026 at 11:36 UTC.


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Music-assistant music Assistant Server
CPEs cpe:2.3:a:music-assistant:music_assistant_server:*:*:*:*:*:*:*:*
Vendors & Products Music-assistant music Assistant Server

Fri, 20 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared: Music-assistant, Music-assistant server
Vendors & Products: Music-assistant, Music-assistant server

Fri, 20 Feb 2026 01:00:00 +0000

Type Values Removed Values Added
Description Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass the .m3u extension enforcement and write files anywhere on the filesystem, which is exacerbated by the container running as root. This can be exploited to achieve Remote Code Execution by writing a malicious .pth file to the Python site-packages directory, which will execute arbitrary commands when Python loads. This issue has been fixed in version 2.7.0.
Title Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution
Weaknesses CWE-22, CWE-434, CWE-73
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-20T15:35:58.447Z

Reserved: 2026-02-16T22:20:28.612Z

Link: CVE-2026-26975

Vulnrichment

Updated: 2026-02-20T15:29:22.588Z

NVD

Status : Analyzed

Published: 2026-02-20T01:16:00.273

Modified: 2026-03-17T21:03:07.173

Link: CVE-2026-26975

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:45:44Z

Weaknesses