216.73.216.133

CVE-2026-23877

· Published 19/01/2026 21:15 · Modified 19/01/2026 21:15

Labels: CVE-2026-23877 2026-01-19CVE-2026-23877CWE-25[email protected]

Essential information

Published
19/01/2026 21:15
Modified
19/01/2026 21:15
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's `list_folders()` function in the `/folder/dir-browser` endpoint is vulnerable to directory traversal attacks. Any authenticated user (including non-admin) can browse arbitrary directories on the server filesystem. Version 2.1.4 fixes the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
swingmusic / swing music cpe:2.3:a:swingmusic:swing_music:<2.1.4:*:*:*:*:*:*:*

References