Musicplayerdaemon Mpd
4 CVEs affecting Musicplayerdaemon Mpd. Latest disclosed: 2026-05-28. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-49127 | High | 8.6 | 2026-05-28 | Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows… |
CVE-2026-49128 | High | 7.5 | 2026-05-28 | Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the loc… |
CVE-2026-49129 | Medium | 5.8 | 2026-05-28 | Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set wi… |
CVE-2026-49130 | Medium | 5.3 | 2026-05-28 | Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that al… |