Path Traversal in Advplyr Audiobookshelf
CVE-2026-42888
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.001 (19.2th percentile)
Affected products
- Advplyr Audiobookshelf — versions < 2.33.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)