Threats Tagged 'cve-2026-49128'
View all threats tagged with 'cve-2026-49128'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-49128'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-49128: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MusicPlayerDaemon MPDCVE-2026-49128 0 Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without canonicalization, allowing '..' segments to survive into the resolved path and be flattened by the kernel at openat() time. An unauthenticated attacker can exploit this flaw using the listfiles command to enumerate names, sizes, and modification times of arbitrary directories readable by the MPD process, and the albumart command to read image files in any attacker-chosen directory outside the configured music_directory. Join the discussion | CVE Database V5 | 05/28/2026, 19:02:28 UTC Added: 05/28/2026, 19:53:12 UTC |
Showing 1 to 1 of 1 result