CVE-2026-26829

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server.

476

NULL Pointer Dereference

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory

Applicable Platforms

Languages: C, C#, C++, Go, Java

Likelihood of Exploit: Medium

View CWE Details

https://github.com/archersec/poc/tree/master/owntone-server…

https://github.com/archersec/poc/tree/master/owntone-server-2

https://github.com/archersec/security-advisories/blob/maste…

https://github.com/archersec/security-advisories/blob/master/owntone-server/own…

https://github.com/owntone/owntone-server/commit/41e3733ccc…

https://github.com/owntone/owntone-server/commit/41e3733cccd527918a08cf05694c54…

CVE-2026-26829

Description

NULL Pointer Dereference

Common Consequences

Applicable Platforms

Iscriviti alla newsletter