{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27973", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T03:24:57.793Z", "datePublished": "2026-02-26T02:06:49.271Z", "dateUpdated": "2026-02-26T14:45:25.252Z"}, "containers": {"cna": {"title": "Audiobookshelf has Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App)", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-2433-p93m-xhhg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-2433-p93m-xhhg"}, {"name": "https://github.com/advplyr/audiobookshelf-app/commit/b2c2b625e3cf586562397f4c02e38059f2b8ef5c", "tags": ["x_refsource_MISC"], "url": "https://github.com/advplyr/audiobookshelf-app/commit/b2c2b625e3cf586562397f4c02e38059f2b8ef5c"}], "affected": [{"vendor": "advplyr", "product": "audiobookshelf", "versions": [{"version": "< 2.12.0", "status": "affected"}]}, {"vendor": "advplyr", "product": "audiobookshelf-app", "versions": [{"version": "< 0.12.0-beta", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T02:08:00.372Z"}, "descriptions": [{"lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers/WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. The issue is fixed in audiobookshelf-app version 0.12.0-beta, corresponding to audiobookshelf version 2.12.0."}], "source": {"advisory": "GHSA-2433-p93m-xhhg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T14:45:12.893288Z", "id": "CVE-2026-27973", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:45:25.252Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T14:45:12.893288Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:45:19.340Z"}}], "cna": {"title": "Audiobookshelf has Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App)", "source": {"advisory": "GHSA-2433-p93m-xhhg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "advplyr", "product": "audiobookshelf", "versions": [{"status": "affected", "version": "< 2.12.0"}]}, {"vendor": "advplyr", "product": "audiobookshelf-app", "versions": [{"status": "affected", "version": "< 0.12.0-beta"}]}], "references": [{"url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-2433-p93m-xhhg", "name": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-2433-p93m-xhhg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/advplyr/audiobookshelf-app/commit/b2c2b625e3cf586562397f4c02e38059f2b8ef5c", "name": "https://github.com/advplyr/audiobookshelf-app/commit/b2c2b625e3cf586562397f4c02e38059f2b8ef5c", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers/WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. The issue is fixed in audiobookshelf-app version 0.12.0-beta, corresponding to audiobookshelf version 2.12.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T02:08:00.372Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27973", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:45:25.252Z", "dateReserved": "2026-02-25T03:24:57.793Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-26T02:06:49.271Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf:*:*:*:*:*:*:*:*", "matchCriteriaId": "018123B2-0D17-47FF-B878-D2FDCAF2BAD7", "versionEndExcluding": "2.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:audiobookshelf:audiobookshelf_mobile_app:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB5F33E7-D91F-4887-9CA4-59CF349DC460", "versionEndExcluding": "0.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers/WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. The issue is fixed in audiobookshelf-app version 0.12.0-beta, corresponding to audiobookshelf version 2.12.0."}, {"lang": "es", "value": "Audiobookshelf es un servidor de audiolibros y podcasts autoalojado. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a la 0.12.0-beta de la aplicaci\u00f3n m\u00f3vil Audiobookshelf que permite la ejecuci\u00f3n arbitraria de JavaScript a trav\u00e9s de metadatos de biblioteca maliciosos. Atacantes con privilegios de modificaci\u00f3n de biblioteca pueden ejecutar c\u00f3digo en los navegadores/WebViews de los usuarios v\u00edctimas, lo que podr\u00eda llevar al secuestro de sesi\u00f3n, la exfiltraci\u00f3n de datos y el acceso no autorizado a las API de dispositivos nativos. El problema est\u00e1 solucionado en la versi\u00f3n 0.12.0-beta de audiobookshelf-app, correspondiente a la versi\u00f3n 2.12.0 de audiobookshelf."}], "id": "CVE-2026-27973", "lastModified": "2026-03-12T20:26:51.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-26T02:16:24.553", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/advplyr/audiobookshelf-app/commit/b2c2b625e3cf586562397f4c02e38059f2b8ef5c"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-2433-p93m-xhhg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.12.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "audiobookshelf", "source": "cna", "vendor": "advplyr"}, "product": "audiobookshelf", "vendor": "advplyr"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.12.0-beta)"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 92.0, "source": "matching"}]}, "original": {"product": "audiobookshelf-app", "source": "cna", "vendor": "advplyr"}, "product": "audiobookshelf", "vendor": "advplyr"}], "analysis": {"en": {"generated_at": "2026-04-17T14:28:50.746877+00:00", "value": {"mitigation_remediation": ["Upgrade the Audiobookshelf mobile app to version 0.12.0-beta or later", "Upgrade the Audiobookshelf server to version 2.12.0 or later", "Restrict library modification permissions to trusted users or roles so that only authorized users can alter metadata"], "summary": {"action": "Immediate Patch", "impact": "Stored cross\u2011site scripting enabling arbitrary JavaScript execution with potential session hijacking and data exfiltration"}, "threat_synthesis": {"affected_systems": "The flaw exists in the Audiobookshelf mobile application and server versions earlier than 0.12.0-beta (app) and 2.12.0 (server). The affected products are the open\u2011source Audiobookshelf server and its companion mobile app, both provided by advplyr. Users running the mobile app before the 0.12.0-beta release or the server before 2.12.0 are vulnerable. Those who own the app and server with the listed versions, especially if they allow library modification, are impacted.", "description_and_impact": "A stored XSS flaw in the Audiobookshelf mobile client allows an attacker who can modify a library to inject arbitrary JavaScript via audiobook metadata. This code runs in the context of the WebView that renders search results, giving the attacker the same privileges as the user. Successful exploitation could lead to session hijacking, data exfiltration, and unauthorized calls to native device APIs such as microphone or filesystem, as stated.", "risk_and_exploitability": "The CVSS score is 4, indicating moderate severity. The EPSS is below 1\u202f%, implying a low but nonzero likelihood of exploitation. It is not listed in the CISA KEV catalog, so no confirmed exploitation documented. Attackers need the ability to modify library metadata, so the vulnerability requires authenticated privileges; once an attacker has those, the exploit is straightforward and does not require advanced techniques. The risk is moderate with a relatively low exploitation probability."}}}}, "created": "2026-02-26T13:09:49.808755+00:00", "updated": "2026-04-17T14:30:20.832540+00:00", "vendors": ["advplyr", "advplyr$PRODUCT$audiobookshelf"]}