Home / Vulnerability Intelligence / CVE-2026-27963

CVE-2026-27963 - Vulnerability Analysis

MediumCVSS: 4.8

Last Updated: February 27, 2026

Audiobookshelf - Stored XSS

Published: February 26, 2026Updated: February 27, 2026PoC AvailableRemote Exploitable

Overview

Audiobookshelf < 2.32.0 contains a stored XSS caused by improper sanitization of library metadata, letting attackers with library modification privileges execute arbitrary JavaScript in victim users' browsers, exploit requires library modification privileges.

Severity & Score

Severity: Medium

CVSS Score: 4.8

Impact

Attackers can execute arbitrary JavaScript in users' browsers, potentially leading to session hijacking and data theft.

Mitigation

Upgrade to version 2.32.0 or later.

References

https://github.com/advplyr/audiobookshelf/commit/503f4611b221a5bde19024e657021670df204478
https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-69cp-m725-wf78

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-27963
Severity: Medium
CVSS Score: 4.8
Type: stored_xss
Status: confirmed

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N