CVE-2026-50234
published 2026-06-05CVE-2026-50234: Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory…
PriorityP353high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.64%
46.1th percentile
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory structure.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lms_community | lyrion_music_server | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context.
ghsa_unreviewed·2026-06-05
CVE-2026-50234 [HIGH] CWE-22 Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context.
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory structure.
VulDB
LMS Community Lyrion Music Server 9.2.0 path traversal (ZSL-2026-5992 / EUVD-2026-34833)
vuldb·2026-06-05·CVSS 8.7
CVE-2026-50234 [HIGH] LMS Community Lyrion Music Server 9.2.0 path traversal (ZSL-2026-5992 / EUVD-2026-34833)
A vulnerability labeled as critical has been found in LMS Community Lyrion Music Server 9.2.0. The affected element is an unknown function. Such manipulation leads to path traversal.
This vulnerability is traded as CVE-2026-50234. The attack may be launched remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-05
Published