8 matches found
CVE-2026-23877
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
CVE-2026-23877
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
CVE-2026-23877
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
CVE-2026-23877 Directory Traversal & Filesystem can be accessed by a non-admin user
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
CVE-2026-23877 Directory Traversal & Filesystem can be accessed by a non-admin user
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
CVE-2026-23877
Swing Music (self-hosted) exposes a directory traversal flaw in the /folder/dir-browser/list_folders pathway. The github-advisory and CVE notes show that the list_folders() function accepts crafted paths and lacks proper authorization, allowing any authenticated user, including non-admins, to bro...
CVE-2026-23877 Directory Traversal & Filesystem can be accessed by a non-admin user
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
PT-2026-3505
Name of the Vulnerable Software and Affected Versions Swing Music versions prior to 2.1.4 Description Swing Music is a self-hosted music player for local audio files. The list folders function within the /folder/dir-browser API endpoint is susceptible to directory traversal attacks. Authenticated...