{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/owntone-server/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-26828","denial-of-service","owntone-server"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-26828 describes a NULL pointer dereference vulnerability in the \u003ccode\u003edaap_reply_playlists\u003c/code\u003e function (src/httpd_daap.c) of owntone-server. The vulnerability resides in commit 3d1652d of the owntone-server project. Attackers can exploit this vulnerability by sending a crafted Digital Audio Access Protocol (DAAP) request to the server, leading to a denial-of-service (DoS) condition. This vulnerability allows unauthenticated remote attackers to disrupt the availability of the owntone-server…\u003c/p\u003e\n","date_modified":"2026-03-24T12:00:00Z","date_published":"2026-03-24T12:00:00Z","id":"/briefs/2026-03-owntone-dos/","summary":"A NULL pointer dereference vulnerability in the daap_reply_playlists function of owntone-server allows attackers to cause a Denial of Service (DoS) by sending a crafted DAAP request.","title":"OwnTone Server DAAP Request NULL Pointer Dereference Denial-of-Service (CVE-2026-26828)","url":"https://feed.craftedsignal.io/briefs/2026-03-owntone-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Owntone-Server","version":"https://jsonfeed.org/version/1.1"}