CVE-2026-26975
Published: 20 February 2026
Summary
CVE-2026-26975 is a high-severity Path Traversal (CWE-22) vulnerability in Music Assistant Server (vendor: Music-Assistant). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 13.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Validates inputs to the music/playlists/update API to prevent path traversal, extension bypass, and arbitrary file writes leading to RCE.
Enforces authentication and authorization requirements for the music/playlists/update API to block unauthenticated network-adjacent access.
Restricts the Music Assistant container process to least privilege, preventing full RCE impact from malicious .pth files even if written to site-packages.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unauthenticated exploitation of the vulnerable music/playlists/update API (public-facing web service) enables arbitrary file write; payload delivered as malicious .pth file into Python site-packages for automatic code execution on module load.
NVD Description
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass the .m3u extension enforcement and write files anywhere on the filesystem, which is exacerbated by the container running as root. This can be exploited to achieve Remote Code Execution by writing a malicious .pth file to the Python site-packages directory, which will execute arbitrary commands when Python loads. This issue has been fixed in version 2.7.0.
Deeper analysis
CVE-2026-26975 is a critical vulnerability in Music Assistant, an open-source media library manager that integrates streaming services with connected speakers. It affects versions 2.6.3 and below, where the music/playlists/update API allows bypassing .m3u extension enforcement. This enables arbitrary file writes anywhere on the filesystem, exacerbated by the container running as root.
Unauthenticated network-adjacent attackers can exploit this flaw to achieve remote code execution. By writing a malicious .pth file to the Python site-packages directory, attackers cause arbitrary commands to execute when Python loads modules. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-22 (path traversal), CWE-73 (external control of file name or path), and CWE-434 (unrestricted upload of file with dangerous type).
The issue was addressed in Music Assistant version 2.7.0. Official mitigation details are available in the GitHub security advisory at GHSA-7jcc-p6xr-835j, the fixing pull request at music-assistant/server/pull/2684, and the release notes for version 2.7.0.
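The input-validation control described above (SI-10) comes down to two checks the playlist-update handler must make before touching the filesystem: the supplied name must carry the .m3u extension as its final suffix, and the path it resolves to must stay inside the playlist directory. The following is an added illustration written for this page; it is not Music Assistant's own code and does not reproduce the 2.7.0 fix. The directory name and function names are hypothetical.

```python
import os
from pathlib import PurePosixPath

# Hypothetical storage root for playlists; a real service would take this
# from its configuration rather than a constant.
PLAYLIST_DIR = "/srv/music-assistant/playlists"
ALLOWED_EXT = ".m3u"


class UnsafePlaylistPath(ValueError):
    """Raised when a user-supplied playlist name must not be written."""


def resolve_playlist_path(base_dir: str, requested_name: str) -> str:
    """Return the absolute path under base_dir for requested_name, or raise.

    The checks are ordered so that the cheapest, most decisive rejections
    happen first; only a bare file name ending in .m3u ever reaches the
    filesystem containment check.
    """
    if not requested_name or "\x00" in requested_name:
        raise UnsafePlaylistPath("empty or NUL-containing name")

    # Only a bare file name is acceptable: no slashes, backslashes or
    # dot-directory components, so '../x.m3u' is rejected before any
    # path arithmetic happens.
    if ("/" in requested_name or "\\" in requested_name
            or requested_name in (".", "..")):
        raise UnsafePlaylistPath("directory components are not allowed")

    # The extension check looks at the *final* suffix, case-insensitively,
    # so 'evil.pth' and 'evil.m3u.pth' are both rejected. A leading-dot
    # name such as '.m3u' has no suffix at all and is rejected too.
    if PurePosixPath(requested_name).suffix.lower() != ALLOWED_EXT:
        raise UnsafePlaylistPath("only .m3u playlists may be written")

    # Containment check after symlink resolution: even if base_dir or a
    # component inside it is a symlink, the resolved target must still be
    # beneath the resolved playlist directory.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested_name))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePlaylistPath("resolved path escapes the playlist directory")
    return candidate


def is_safe_playlist_name(requested_name: str, base_dir: str = PLAYLIST_DIR) -> bool:
    """Boolean convenience wrapper around resolve_playlist_path()."""
    try:
        resolve_playlist_path(base_dir, requested_name)
        return True
    except UnsafePlaylistPath:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: what a handler might receive from a client.
    samples = ["party.m3u", "Mix.M3U", "evil.pth", "evil.m3u.pth",
               "../escape.m3u", "sub/dir.m3u", ".m3u", "ok.m3u\x00.pth"]
    for name in samples:
        print(f"{name!r:24} -> {'accept' if is_safe_playlist_name(name) else 'reject'}")
```

Rejecting directory components outright, rather than trying to normalize them away, is the simpler rule to reason about for an API that only ever names a single playlist file; the realpath containment check remains as defence in depth for the case where the storage directory itself contains symlinks.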
Details
- CWE(s)