Product

Xiaomusic

1 brief RSS

xiaomusic Path Traversal Vulnerability (CVE-2026-10108)

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability (CVE-2026-10108) in the GET /music/{file_path:path} endpoint, allowing unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check.

xiaomusic path-traversal web-application CVE-2026-10108

2r 1t 1c 22h ago