Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-42886 is a memory amplification denial-of-service (DoS) vulnerability in the Audiobookshelf application versions prior to 2.32.2. It occurs in the backup upload functionality, specifically at the POST /api/backups/upload endpoint.

The vulnerability arises because the 'details' entry from an uploaded .audiobookshelf ZIP file is decompressed entirely into memory without any limit on its decompressed size. Additionally, the upload middleware does not impose any file size limits.

An attacker with admin privileges can exploit this by uploading a specially crafted ZIP file containing a highly compressed 'details' entry. When decompressed, this entry consumes hundreds of megabytes or even gigabytes of memory, causing the server process to crash due to out-of-memory errors.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a denial-of-service condition by crashing the Audiobookshelf server process through out-of-memory errors.

Since the decompression consumes excessive memory, it can disrupt service availability, potentially leading to downtime or degraded performance.

Exploitation requires admin privileges, so the impact is limited to users who already have high-level access, but it can still be used maliciously to disrupt operations.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for out-of-memory (OOM) crashes or unusually high memory usage on the audiobookshelf server process, especially when handling backup uploads.

Since the issue arises from the POST /api/backups/upload endpoint processing large or crafted ZIP files, you can inspect logs or network traffic for large or suspicious backup upload requests.

Suggested commands to detect potential exploitation or symptoms include:

• Use system monitoring tools like 'top' or 'htop' to observe memory usage spikes of the audiobookshelf process.
• Check system logs for OOM killer events: `dmesg | grep -i 'out of memory'` or `journalctl -k | grep -i oom`.
• Inspect web server or application logs for POST requests to /api/backups/upload with large payloads.
• Use network monitoring tools like 'tcpdump' or 'wireshark' to capture and analyze HTTP POST requests to the backup upload endpoint.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade audiobookshelf to version 2.32.2 or later, where this vulnerability is fixed.

Additional immediate steps include:

• Implement size checks on the 'details' entry within uploaded ZIP files to limit decompression size (e.g., restrict to 10MB).
• Configure the upload middleware to enforce a maximum file size limit (e.g., 4GB) to prevent arbitrarily large uploads.
• Restrict admin user access to trusted personnel only, as exploitation requires admin privileges.
• Monitor server memory usage and logs for signs of exploitation attempts.

Useful 0 Not Useful 0