{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27974", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T03:24:57.793Z", "datePublished": "2026-02-26T02:10:30.504Z", "dateUpdated": "2026-02-26T14:42:43.253Z"}, "containers": {"cna": {"title": "Audiobooksheld VUlnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-8c9r-pvrj-vcf5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-8c9r-pvrj-vcf5"}, {"name": "https://github.com/advplyr/audiobookshelf-app/commit/bab95530c8c3d7a4b4cec5b059da8b79ad50223e", "tags": ["x_refsource_MISC"], "url": "https://github.com/advplyr/audiobookshelf-app/commit/bab95530c8c3d7a4b4cec5b059da8b79ad50223e"}], "affected": [{"vendor": "advplyr", "product": "audiobookshelf-app", "versions": [{"version": "< 0.12.0-beta", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T02:10:30.504Z"}, "descriptions": [{"lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges (or control over a malicious podcast RSS feed) can execute code in victim users' WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. audiobookshelf-app version 0.12.0-beta fixes the issue."}], "source": {"advisory": "GHSA-8c9r-pvrj-vcf5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T14:42:26.983819Z", "id": "CVE-2026-27974", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:42:43.253Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27974", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T14:42:26.983819Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:42:37.538Z"}}], "cna": {"title": "Audiobooksheld VUlnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)", "source": {"advisory": "GHSA-8c9r-pvrj-vcf5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "advplyr", "product": "audiobookshelf-app", "versions": [{"status": "affected", "version": "< 0.12.0-beta"}]}], "references": [{"url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-8c9r-pvrj-vcf5", "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-8c9r-pvrj-vcf5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/advplyr/audiobookshelf-app/commit/bab95530c8c3d7a4b4cec5b059da8b79ad50223e", "name": "https://github.com/advplyr/audiobookshelf-app/commit/bab95530c8c3d7a4b4cec5b059da8b79ad50223e", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges (or control over a malicious podcast RSS feed) can execute code in victim users' WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. audiobookshelf-app version 0.12.0-beta fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T02:10:30.504Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27974", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:42:43.253Z", "dateReserved": "2026-02-25T03:24:57.793Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-26T02:10:30.504Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf_mobile_app:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB5F33E7-D91F-4887-9CA4-59CF349DC460", "versionEndExcluding": "0.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges (or control over a malicious podcast RSS feed) can execute code in victim users' WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. audiobookshelf-app version 0.12.0-beta fixes the issue."}, {"lang": "es", "value": "Audiobookshelf es un servidor de audiolibros y podcasts autoalojado. Una vulnerabilidad de cross-site scripting (XSS) existe en versiones anteriores a la 0.12.0-beta de la aplicaci\u00f3n m\u00f3vil de Audiobookshelf que permite la ejecuci\u00f3n arbitraria de JavaScript a trav\u00e9s de metadatos de biblioteca maliciosos. Atacantes con privilegios de modificaci\u00f3n de biblioteca (o control sobre un feed RSS de podcast malicioso) pueden ejecutar c\u00f3digo en los WebViews de los usuarios v\u00edctimas, lo que podr\u00eda llevar al secuestro de sesi\u00f3n, exfiltraci\u00f3n de datos y acceso no autorizado a las API de dispositivos nativos. La versi\u00f3n 0.12.0-beta de audiobookshelf-app soluciona el problema."}], "id": "CVE-2026-27974", "lastModified": "2026-03-12T20:23:44.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T03:16:04.970", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/advplyr/audiobookshelf-app/commit/bab95530c8c3d7a4b4cec5b059da8b79ad50223e"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-8c9r-pvrj-vcf5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}