CVE-2026-26975
Received Received - Intake
Arbitrary File Write in Music Assistant Enables Remote Code Execution

Publication date: 2026-02-20

Last updated on: 2026-03-17

Assigner: GitHub, Inc.

Description
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass the .m3u extension enforcement and write files anywhere on the filesystem, which is exacerbated by the container running as root. This can be exploited to achieve Remote Code Execution by writing a malicious .pth file to the Python site-packages directory, which will execute arbitrary commands when Python loads. This issue has been fixed in version 2.7.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26975
EUVD
EUVD-2026-8405
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
music-assistant music_assistant_server to 2.7.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-26975 is a high-severity remote code execution vulnerability in Music Assistant versions 2.6.3 and below. It arises because the music/playlists/update API does not properly enforce the .m3u file extension, allowing attackers to write arbitrary files anywhere on the filesystem.

An unauthenticated network-adjacent attacker can exploit this by creating a malicious .pth file in the Python site-packages directory, which executes arbitrary Python code with root privileges when Python starts. This is possible because the Music Assistant container runs as root and the web interface is exposed without authentication.

The attack involves manipulating playlist storage paths and injecting Python code that downloads and executes malicious binaries and scripts, leading to full remote code execution on the affected system.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary code with root privileges on your Music Assistant installation without any authentication or user interaction.

The impact includes complete compromise of the affected system, allowing attackers to install malware, steal data, disrupt services, or use the system as a foothold for further attacks.

Because the container runs as root, the attacker gains full control over the host environment, which can lead to severe confidentiality, integrity, and availability breaches.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring network traffic and API requests to the Music Assistant service, especially on port 8095 where the web interface is exposed without authentication in vulnerable versions (2.6.3 and below). Suspicious HTTP API requests to the `music/playlists/update` endpoint that attempt to write files with extensions other than ".m3u" or target critical filesystem paths (such as Python site-packages directories) may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'Commands to detect potential exploitation include inspecting active network connections and HTTP requests to port 8095, for example using tools like tcpdump or Wireshark to filter traffic on that port.'}, {'type': 'list_item', 'content': 'Use tcpdump to capture traffic on port 8095: `tcpdump -i any port 8095 -w capture.pcap`'}, {'type': 'list_item', 'content': 'Use curl or similar tools to check if the API is accessible without authentication: `curl http://<host>:8095/music/playlists/update` and observe if unauthorized access is possible.'}, {'type': 'list_item', 'content': 'Check for suspicious files in the Python site-packages directory, such as unexpected `.pth` files, which may indicate exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, reviewing logs for HTTP 500 errors triggered by malicious API calls or unexpected Python process startups may help identify exploitation attempts.'}] [1]

Mitigation Strategies

The immediate and most effective mitigation is to upgrade Music Assistant to version 2.7.0 or later, where this vulnerability has been fixed by enforcing mandatory authentication on the webserver and API.

If upgrading immediately is not possible, restrict network access to the Music Assistant service port (8095) to trusted users only, for example by firewall rules or network segmentation, to prevent unauthenticated access.

Implement monitoring to detect suspicious API usage and file system changes, especially in the Python site-packages directory.

After upgrading, ensure that authentication is properly configured and that admin accounts are created as required by the new version.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26975. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart