Medium severity 4.3 · NVD Advisory · Published May 11, 2026 · Updated May 12, 2026
CVE-2026-42884
Description
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with access to any library can enumerate and read collections (including full book metadata) from libraries they are explicitly restricted from accessing. This vulnerability is fixed in 2.32.2.
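The missing check described above, as an added example that is not Audiobookshelf's code: a minimal JavaScript model of the two endpoints, with the unchecked list handler beside handlers that filter on library access. The data shapes, field names (`librariesAccessible`, `accessAllLibraries`) and function names are assumptions made for illustration.

```javascript
// Added illustration; the data model is hypothetical, not Audiobookshelf's.
// Constructed sample data: two libraries, one collection in each.
const collections = [
  { id: 'col-1', libraryId: 'lib-public', name: 'Road trip', books: [{ title: 'Book A' }] },
  { id: 'col-2', libraryId: 'lib-restricted', name: 'Private shelf', books: [{ title: 'Book B' }] },
];

// Constructed users: "guest" is limited to lib-public, "admin" may read every library.
const users = {
  guest: { username: 'guest', accessAllLibraries: false, librariesAccessible: ['lib-public'] },
  admin: { username: 'admin', accessAllLibraries: true, librariesAccessible: [] },
};

// One place that decides whether a user may read objects owned by a library.
function canAccessLibrary(user, libraryId) {
  if (!user) return false;
  return user.accessAllLibraries || user.librariesAccessible.includes(libraryId);
}

// Flawed pattern from the description: authentication only, no per-library check.
function listCollectionsUnchecked(user) {
  if (!user) return { status: 401, body: null };
  return { status: 200, body: collections };
}

// Checked list handler: keep only collections whose library the user may read.
function listCollections(user) {
  if (!user) return { status: 401, body: null };
  const visible = collections.filter((c) => canAccessLibrary(user, c.libraryId));
  return { status: 200, body: visible };
}

// Checked single-item handler. Returning 404 for both "missing" and "not
// permitted" is a design choice made here so that a valid id is not confirmed.
function getCollection(user, id) {
  if (!user) return { status: 401, body: null };
  const found = collections.find((c) => c.id === id);
  if (!found || !canAccessLibrary(user, found.libraryId)) {
    return { status: 404, body: null };
  }
  return { status: 200, body: found };
}
```

A regression test for this class of bug needs at least one user restricted to a single library and one collection in a different library, exercised through both the list route and the by-id route.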
Affected products
- Range: <2.32.2