Security Advisory

CVE-2026-25578

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-04 21:58:42
Last updated 2026-02-05 14:31:27
Assigner GitHub_M
State PUBLISHED

Description

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched in version 0.60.0.