CVE-2026-42888 | advplyr audiobookshelf up to 2.33.1 Podcast Creation Endpoint PodcastController.js path traversal (GHSA-phch-9734-wrp3)

Inserito da Angelo Barbosa | Mag 12, 2026 | CVE

A vulnerability, which was classified as critical, has been found in advplyr audiobookshelf up to 2.33.1. This affects an unknown function of the file server/controllers/PodcastController.js of the component Podcast Creation Endpoint. The manipulation leads to path traversal.

This vulnerability is traded as CVE-2026-42888. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-42888 | advplyr audiobookshelf up to 2.33.1 Podcast Creation Endpoint PodcastController.js path traversal (GHSA-phch-9734-wrp3)

Post correlati

CVE-2025-68848 | amr cron manager Plugin up to 2.3 on WordPress cross site scripting

CVE-2025-0568 | Sante PACS Server 3.0.4/3.3.7 DCM File Parser denial of service

CVE-2024-1249 | Keycloak checkLoginIframe cross-domain policy

CVE-2025-10967 | MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9 /chkuser.php Username sql injection