CVE-2026-26828

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server

476

NULL Pointer Dereference

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory

Applicable Platforms

Languages: C, C#, C++, Go, Java

Likelihood of Exploit: Medium

View CWE Details

https://github.com/archersec/security-advisories/blob/maste…

https://github.com/archersec/security-advisories/blob/master/owntone-server/own…

https://github.com/owntone/owntone-server/commit/9ac54f0b42…

https://github.com/owntone/owntone-server/commit/9ac54f0b42491c4862791db4c5368f…

https://github.com/owntone/owntone-server/issues/1961

CVE-2026-26828

Description

NULL Pointer Dereference

Common Consequences

Applicable Platforms

Iscriviti alla newsletter