CVE-2026-50234
7.5 HIGHLyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploi...
Published: 2026-06-05 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-22
Description
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory structure.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-47368 — A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to ob... (8.6 HIGH)
- CVE-2026-45171 — Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to ...
- CVE-2025-24268 — A parsing issue in the handling of directory paths was addressed with improved path validation (5.5 MEDIUM)
- CVE-2026-49982 — tmp is a temporary file and directory creator for node.js (8.2 HIGH)
- CVE-2026-44705 — tmp is a temporary file and directory creator for node.js