CVE-2026-10108

The CVE-2026-10108 entry concerns xiaomusic v0.5.7, with an unauthenticated path traversal vulnerability in GET /music/{file_path:path}. An attacker can read arbitrary files outside the music directory by exploiting an incomplete path prefix check and a missing trailing separator in the compariso...