7.5
CVE-2026-26828
- EPSS 0.34%
- Veröffentlicht 23.03.2026 00:00:00
- Zuletzt bearbeitet 27.04.2026 19:18:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.255 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://github.com/owntone/owntone-server/issues/1961
https://github.com/owntone/owntone-server/commit/9ac54f0b42491c4862791db4c5368ff80c4000d3
https://github.com/archersec/security-advisories/blob/master/owntone-server/owntone-server-advisory-2026.md