CVE-2026-26975 | music-assistant server up to 2.6.x API /music/playlists/update file inclusion (GHSA-7jcc-p6xr-835j)

A vulnerability classified as critical has been found in music-assistant server up to 2.6.x. This impacts an unknown function of the file /music/playlists/update of the component API. This manipulation causes file inclusion.

The identification of this vulnerability is CVE-2026-26975. The attack needs to be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More