CVE-2026-27974

Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges (or control over a malicious podcast RSS feed) can execute code in victim users' WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. audiobookshelf-app version 0.12.0-beta fixes the issue.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/advplyr/audiobookshelf-app/commit/bab95530c8c3d7a4b4cec5b059da8b79ad50223e	Patch
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-8c9r-pvrj-vcf5	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:audiobookshelf:audiobookshelf_mobile_app:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-26 03:16

Updated : 2026-03-12 20:23

NVD link : CVE-2026-27974

Mitre link : CVE-2026-27974

CVE.ORG link : CVE-2026-27974

JSON object : View

Products Affected

audiobookshelf

audiobookshelf_mobile_app

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2026-27974", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2026-02-26T03:16:04.970", "references": [{"url": "https://github.com/advplyr/audiobookshelf-app/commit/bab95530c8c3d7a4b4cec5b059da8b79ad50223e", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-8c9r-pvrj-vcf5", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges (or control over a malicious podcast RSS feed) can execute code in victim users' WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. audiobookshelf-app version 0.12.0-beta fixes the issue."}, {"lang": "es", "value": "Audiobookshelf es un servidor de audiolibros y podcasts autoalojado. Una vulnerabilidad de cross-site scripting (XSS) existe en versiones anteriores a la 0.12.0-beta de la aplicaci\u00f3n m\u00f3vil de Audiobookshelf que permite la ejecuci\u00f3n arbitraria de JavaScript a trav\u00e9s de metadatos de biblioteca maliciosos. Atacantes con privilegios de modificaci\u00f3n de biblioteca (o control sobre un feed RSS de podcast malicioso) pueden ejecutar c\u00f3digo en los WebViews de los usuarios v\u00edctimas, lo que podr\u00eda llevar al secuestro de sesi\u00f3n, exfiltraci\u00f3n de datos y acceso no autorizado a las API de dispositivos nativos. La versi\u00f3n 0.12.0-beta de audiobookshelf-app soluciona el problema."}], "lastModified": "2026-03-12T20:23:44.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf_mobile_app:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB5F33E7-D91F-4887-9CA4-59CF349DC460", "versionEndExcluding": "0.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}