CVE-2026-25579 | Navidrome up to 0.59.x /rest/getCoverArt size resource consumption (GHSA-hrr4-3wgr-68×3)

Inserito da Angelo Barbosa | Feb 5, 2026 | CVE

A vulnerability identified as problematic has been detected in Navidrome up to 0.59.x. Affected is an unknown function of the file /rest/getCoverArt. Performing a manipulation of the argument size results in resource consumption.

This vulnerability is cataloged as CVE-2026-25579. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2026-25579 | Navidrome up to 0.59.x /rest/getCoverArt size resource consumption (GHSA-hrr4-3wgr-68×3)

Post correlati

CVE-2024-42000 | Mattermost up to 9.5.9/9.10.2/9.11.1/10.0.0 /api/v4/channels authorization

CVE-2023-52239 | Magic xpi Integration Platform 4.13.4 XML Parser onItemImport xml external entity reference

CVE-2025-60915 | Austrian Archaeological Institute OpenAtlas up to 8.11.x Query Parameter /views/file.py size path traversal

CVE-2024-47081 | psf requests URL src/requests/utils.py information disclosure