2 matches found
CVE-2026-42884
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...
CVE-2026-42884
Summary: Audiobookshelf (self-hosted server) prior to version 2.32.2 exposes collection data across libraries. The GET /api/collections and GET /api/collections/:id endpoints do not verify the requester’s library access, enabling an authenticated user with access to any library to enumerate and r...