CVE-2026-26975 Overview
CVE-2026-26975 is a path traversal vulnerability (CWE-22) in Music Assistant, an open-source media library manager that integrates streaming services with connected speakers. This vulnerability allows unauthenticated network-adjacent attackers to execute arbitrary code on affected installations by exploiting insufficient file path validation in the playlist update API.
Critical Impact
Unauthenticated attackers on the adjacent network can achieve Remote Code Execution by writing malicious files to arbitrary filesystem locations, with the attack surface amplified by the container running with root privileges.
Affected Products
- Music Assistant versions 2.6.3 and below
- Music Assistant server deployments running in containerized environments
- Systems with the music/playlists/update API endpoint accessible on the network
Discovery Timeline
- 2026-02-20 - CVE-2026-26975 published to NVD
- 2026-02-20 - Last updated in NVD database
Technical Details for CVE-2026-26975
Vulnerability Analysis
This vulnerability resides in the music/playlists/update API endpoint within Music Assistant. The core issue stems from improper input validation that allows attackers to bypass the intended .m3u file extension enforcement mechanism. By manipulating the file path parameter, attackers can write files to arbitrary locations on the filesystem rather than being confined to the designated playlist directory.
The severity of this vulnerability is significantly amplified by an architectural decision: the Music Assistant container runs with root privileges. This means that when an attacker exploits the path traversal flaw, they have write access to virtually any location on the filesystem, including sensitive system directories.
Root Cause
The root cause is a classic path traversal vulnerability (CWE-22) resulting from insufficient sanitization of user-supplied file paths. The API fails to properly validate and canonicalize the file path before performing write operations, allowing directory traversal sequences to escape the intended directory structure. The .m3u extension check can be bypassed, enabling attackers to write files with arbitrary extensions to arbitrary locations.
Attack Vector
The attack requires network adjacency—meaning the attacker must be on the same local network segment as the vulnerable Music Assistant installation. No authentication is required to exploit this vulnerability.
The exploitation chain involves:
- Identifying a Music Assistant instance on the adjacent network
- Crafting a malicious request to the music/playlists/update API endpoint with path traversal sequences
- Writing a malicious .pth file to the Python site-packages directory
- The .pth file executes arbitrary Python code when the Python interpreter loads, achieving Remote Code Execution
Python .pth files are automatically processed by the Python interpreter during startup. When placed in the site-packages directory, any import statement or code execution directive within the file will run with the privileges of the Python process—in this case, root privileges due to the container configuration.
For detailed technical information about this vulnerability, refer to the GitHub Security Advisory GHSA-7jcc-p6xr-835j.
Detection Methods for CVE-2026-26975
Indicators of Compromise
- Unexpected .pth files appearing in Python site-packages directories
- Unusual file writes outside of the designated Music Assistant data directories
- API requests to music/playlists/update containing path traversal sequences such as ../ or encoded variants
- New or modified files in system directories that should be read-only
Detection Strategies
- Monitor HTTP/API logs for requests to the music/playlists/update endpoint containing suspicious path characters or encoding
- Implement file integrity monitoring on Python installation directories, particularly site-packages
- Deploy network traffic analysis to detect exploitation attempts from adjacent network segments
- Review container logs for file operations outside expected directories
Monitoring Recommendations
- Configure alerting for any file creation events in Python site-packages directories
- Enable verbose logging for the Music Assistant API to capture full request parameters
- Implement network segmentation monitoring to detect lateral movement attempts
- Set up anomaly detection for API request patterns targeting playlist functionality
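The log and API monitoring items above come down to one check: decode each request parameter sent to music/playlists/update, normalise it, and look for a directory traversal segment. The script below is an added example (not code from the advisory or from Music Assistant) that runs that check over a small set of constructed request records; the record layout, the playlist_id and name parameter names, and the source addresses are assumptions made for the demonstration. It handles the URL-encoded and double-encoded variants the indicators list mentions, and deliberately ignores a literal ".." that appears inside a playlist name, since that is not a path segment.

```python
import re
from urllib.parse import unquote

# Added example, not Music Assistant code. Endpoint name taken from the advisory.
ENDPOINT = "music/playlists/update"
# A '..' path segment bounded by a separator or the string boundary, checked
# after decoding, so "Dots.. in a name" is not a hit but "../x" and "a/../x" are.
TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding such as %252e) and
    map backslashes to forward slashes so one pattern covers both separators."""
    current = value
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def has_traversal(value: str) -> bool:
    return bool(TRAVERSAL.search(decode_fully(value)))


def flag_request(endpoint: str, params: dict) -> list[str]:
    """Return the parameter names carrying traversal sequences; empty for a
    benign request or for any endpoint other than the playlist update call."""
    if endpoint.strip("/") != ENDPOINT:
        return []
    return [k for k, v in params.items() if isinstance(v, str) and has_traversal(v)]


# Constructed sample records (assumed layout), not real traffic.
SAMPLE_REQUESTS = [
    {"src": "192.168.1.50", "endpoint": "music/playlists/update",
     "params": {"playlist_id": "party", "name": "Party Mix"}},
    {"src": "192.168.1.77", "endpoint": "music/playlists/update",
     "params": {"playlist_id": "../../escape", "name": "x"}},
    {"src": "192.168.1.78", "endpoint": "music/playlists/update",
     "params": {"playlist_id": "..%2F..%2Fescape", "name": "x"}},
    {"src": "192.168.1.79", "endpoint": "music/playlists/update",
     "params": {"playlist_id": "%252e%252e%252fescape", "name": "x"}},
    {"src": "192.168.1.80", "endpoint": "music/tracks/update",
     "params": {"name": "../not-the-vulnerable-endpoint"}},
    {"src": "192.168.1.81", "endpoint": "music/playlists/update",
     "params": {"name": "Dots.. in a name"}},
]


def scan(requests=SAMPLE_REQUESTS) -> list[tuple[str, list[str]]]:
    """Return (source address, offending parameter names) for each suspicious request."""
    alerts = []
    for record in requests:
        hits = flag_request(record["endpoint"], record["params"])
        if hits:
            alerts.append((record["src"], hits))
    return alerts


if __name__ == "__main__":
    for src, hits in scan():
        print(f"ALERT {src}: traversal sequence in {', '.join(hits)}")
```

Feed the same function the parameters your reverse proxy or API gateway logs for the endpoint; the decoding loop is what makes the check hold up against the encoded variants, so keep it in front of any pattern match you add.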
How to Mitigate CVE-2026-26975
Immediate Actions Required
- Upgrade Music Assistant to version 2.7.0 or later immediately
- If immediate upgrade is not possible, restrict network access to the Music Assistant instance
- Audit Python site-packages directories for any unauthorized .pth files
- Consider running Music Assistant containers with reduced privileges (non-root user)
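Auditing site-packages for .pth files, as the third action above asks, is easier against a recorded baseline than by eye. The following added example (not code from the advisory or from Music Assistant) inventories every .pth file in a set of directories, compares the result with a baseline of known files, and separately lists lines beginning with "import", which the Python interpreter executes at startup. The file names, contents and baseline in the demonstration are constructed; when run directly it uses site.getsitepackages() to look at the real interpreter.

```python
import site
import tempfile
from pathlib import Path

# Added example for auditing .pth files; not Music Assistant code.


def pth_inventory(site_dirs) -> dict[str, list[str]]:
    """Map each .pth file path to its meaningful lines (blank and '#' lines dropped)."""
    found = {}
    for d in site_dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.pth")):
            lines = p.read_text(errors="replace").splitlines()
            found[str(p)] = [ln.rstrip() for ln in lines if ln.strip() and not ln.startswith("#")]
    return found


def flag_unexpected(inventory: dict, baseline: dict):
    """Compare against a baseline {path: lines}. Returns (new files, files whose
    content changed, {path: import lines}); import lines are executed by site.py
    at interpreter start, so they deserve review even in previously known files."""
    new = sorted(set(inventory) - set(baseline))
    changed = sorted(p for p in inventory if p in baseline and inventory[p] != baseline[p])
    exec_lines = {
        p: [ln for ln in lines if ln.startswith("import ") or ln.startswith("import\t")]
        for p, lines in inventory.items()
    }
    exec_lines = {p: v for p, v in exec_lines.items() if v}
    return new, changed, exec_lines


def demo():
    """Constructed scenario: one known file that gained a line, one new file with an import."""
    with tempfile.TemporaryDirectory() as tmp:
        sp = Path(tmp) / "site-packages"
        sp.mkdir()
        (sp / "vendor-paths.pth").write_text("# constructed baseline file\n/opt/vendor/lib\n/opt/extra\n")
        (sp / "unexpected.pth").write_text("import sys\n")
        baseline = {str(sp / "vendor-paths.pth"): ["/opt/vendor/lib"]}
        new, changed, execs = flag_unexpected(pth_inventory([sp]), baseline)
        # Report by file name so the result does not depend on the temp directory.
        return ([Path(p).name for p in new],
                [Path(p).name for p in changed],
                {Path(p).name: v for p, v in execs.items()})


if __name__ == "__main__":
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    for path, lines in pth_inventory(dirs).items():
        print(path, lines)
```

Record the inventory once on a known-good build of the container image and keep it with the image; re-running the comparison from a file integrity monitor or a cron job then turns any new .pth file into an alert rather than something found during an incident.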
Patch Information
The vulnerability has been addressed in Music Assistant version 2.7.0. The fix implements proper path validation to prevent directory traversal attacks through the playlist update API.
- Fixed Version: 2.7.0
- Patch Reference: GitHub Pull Request #2684
- Release Notes: GitHub Release 2.7.0
- Security Advisory: GHSA-7jcc-p6xr-835j
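The root cause described earlier (no canonicalisation before the write, an extension check that can be bypassed) and the patch described here (proper path validation) are both about the same control: the playlist path must be canonicalised and confirmed to sit inside the playlist directory before anything touches the filesystem. The example below is an added illustration of that control, not Music Assistant's code and not the fix from pull request #2684; the advisory does not say how the extension check was bypassed or what the patch changed, so the example only shows a naive check next to a containment check. Function names and the playlist directory are assumptions.

```python
import tempfile
from pathlib import Path

# Added illustrative example; not Music Assistant's implementation.


class InvalidPlaylistPath(ValueError):
    pass


def naive_playlist_path(playlist_dir: Path, name: str) -> Path:
    """Weak pattern: tests the extension of the raw string and joins it without
    canonicalising, so '..' segments and absolute names leave playlist_dir."""
    if not name.endswith(".m3u"):
        raise InvalidPlaylistPath("playlists must end in .m3u")
    return playlist_dir / name


def safe_playlist_path(playlist_dir: Path, name: str) -> Path:
    """Hardened pattern: resolve both sides (following symlinks), require the
    result to be a descendant of the playlist directory, and test the suffix on
    the canonical path rather than on the user-supplied string."""
    base = playlist_dir.resolve()
    candidate = (base / name).resolve()
    if base not in candidate.parents:
        raise InvalidPlaylistPath("path escapes playlist directory")
    if candidate.suffix != ".m3u":
        raise InvalidPlaylistPath("playlists must end in .m3u")
    return candidate


def classify(names=None) -> dict[str, tuple[bool, bool]]:
    """Run both checks over sample names (constructed here) and report
    {name: (naive check accepts, safe check accepts)}."""
    if names is None:
        names = ["party.m3u", "sub/party.m3u", "../escape.m3u", "/escape.m3u", "party.pth"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        playlist_dir = Path(tmp) / "playlists"
        playlist_dir.mkdir()
        for name in names:
            accepted = []
            for check in (naive_playlist_path, safe_playlist_path):
                try:
                    check(playlist_dir, name)
                    accepted.append(True)
                except InvalidPlaylistPath:
                    accepted.append(False)
            results[name] = tuple(accepted)
    return results


if __name__ == "__main__":
    for name, (naive_ok, safe_ok) in classify().items():
        print(f"{name!r:28} naive={naive_ok!s:5} safe={safe_ok}")
```

The containment test is done on the resolved path, which is what defeats both "../" sequences and a symlink planted inside the directory; running the container as a non-root user, as the workarounds recommend, limits what a write outside the directory can reach if this check is ever wrong.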
Workarounds
- Isolate Music Assistant instances on a dedicated network segment with restricted access
- Implement firewall rules to limit which hosts can communicate with the Music Assistant API
- Deploy a reverse proxy with request filtering to block path traversal patterns in API requests
- Run the Music Assistant container with a non-root user to limit the impact of filesystem writes
# Network isolation example - restrict access to Music Assistant
# Allow only trusted hosts to access the Music Assistant API port
# Rules are evaluated in order and -A appends to the chain, so the ACCEPT must be
# added before the DROP, and an earlier rule that already accepts the port would
# take precedence over both. The rules do not survive a reboot unless saved with
# the distribution's iptables persistence tooling.
iptables -A INPUT -p tcp --dport 8095 -s 192.168.1.100 -j ACCEPT
iptables -A INPUT -p tcp --dport 8095 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

