VYPR

xiaomusic

by Xiaomusic

CVEs (1)

  • CVE-2026-10108HigMay 29, 2026
    risk 0.42cvss 7.5epss 0.01

    xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can…