CVE-2026-42883
Audiobookshelf Unauthorized File Access Vulnerability
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advplyr | audiobookshelf | to 2.32.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an authenticated user with download permissions on one library to exfiltrate full file contents from other libraries they are explicitly denied access to, resulting in unauthorized disclosure of sensitive data.
Such unauthorized data exposure can lead to violations of data protection regulations and standards like GDPR and HIPAA, which mandate strict access controls and confidentiality of personal and sensitive information.
Because the vulnerability compromises confidentiality without affecting integrity or availability, it poses a significant risk to compliance frameworks that require safeguarding data confidentiality.
Can you explain this vulnerability to me?
CVE-2026-42883 is a vulnerability in the Audiobookshelf application versions prior to 2.32.2. It occurs in the GET /api/libraries/:id/download endpoint, which checks if a user has access to a specified library but does not restrict the downloadable items to that library. This means an authenticated user with download permission and access to any one library can download files from other libraries they are not authorized to access.
The root cause is that the system fetches downloadable items based on attacker-provided IDs without enforcing that these items belong to the authorized library, allowing unauthorized access to audiobooks, podcasts, ebooks, and metadata from other libraries.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized data exfiltration, where an attacker with valid credentials and download permissions for one library can access and download files from other libraries they should not have access to.
The impact is primarily on confidentiality, as sensitive or restricted content from other libraries can be exposed. There is no impact on data integrity or availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious API requests to the GET /api/libraries/:id/download endpoint where the requested item IDs do not belong to the library specified in the URL path.
Specifically, detection involves identifying authenticated users with download permissions making crafted requests that include item IDs from libraries they should not have access to.
Network or application logs can be inspected for such anomalous requests.
While no explicit commands are provided in the resources, a general approach could include using tools like curl or custom scripts to test the endpoint by attempting to download items from libraries the user should not access.
For example, a curl command to test might look like: curl -X GET "https://yourserver/api/libraries/{library_id}/download?itemIds={item_id}" with item_id values from other libraries.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Audiobookshelf to version 2.32.2 or later, where the issue is fixed.
The fix involves adding a libraryId constraint to the database query in the downloadMultiple handler to ensure that only items from the authorized library are returned.
Until the upgrade can be applied, restrict download permissions to trusted users only and monitor for suspicious download activity.