Description
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.
Published: 2026-05-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Audiobookshelf contains a path‑traversal vulnerability in its podcast creation endpoint, allowing an attacker to specify a file path that the server resolves without restricting it to the intended library directory. This enables disclosure of arbitrary files outside the library, such as configuration files or system data, thereby compromising confidentiality. The weakness is cataloged as CWE‑22.

Affected Systems

The flaw impacts the audiobookshelf self‑hosted audiobook and podcast server released by advplyr, specifically any instance running a version earlier than 2.32.2. Users of these unpatched versions are susceptible, while newer releases are protected.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.9, indicating moderate severity for confidentiality loss. An attacker can exploit the flaw by sending a crafted request to the podcast creation endpoint with a relative path containing traversal sequences (e.g., ../../). The attack vector is inferred to be network‑based, requiring access to the public API, and no EPSS figure or KEV listing is available, though the risk remains present in any exposed deployment.

Generated by OpenCVE AI on May 11, 2026 at 22:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Audiobookshelf to version 2.32.2 or later.
  • If an immediate upgrade is not possible, modify the podcast creation endpoint so that any supplied file path is resolved against the library root and rejected if it resolves outside that directory.
  • Ensure that only authenticated and authorized users can invoke the podcast creation API, thereby limiting exposure of the vulnerable functionality.


Tracking


Advisories

No advisories yet.

History

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Advplyr
Advplyr audiobookshelf
Vendors & Products Advplyr
Advplyr audiobookshelf

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerability is fixed in 2.32.2.
Title Audiobookshelf: Path Traversal vulnerability in the audiobookshelf project
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Advplyr Audiobookshelf
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T16:33:52.322Z

Reserved: 2026-04-30T18:49:06.712Z

Link: CVE-2026-42888

Vulnrichment

Updated: 2026-05-12T16:33:47.748Z

NVD

Status : Deferred

Published: 2026-05-11T21:19:00.840

Modified: 2026-05-12T15:13:21.560

Link: CVE-2026-42888

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T23:30:02Z

Weaknesses