CVE-2026-50234

Lyrion Music Server 9.2.0 Path Traversal File Read

CVSS 8.7 HIGHEPSS 0.6%CWE-22

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory structure.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

LMS Community · Lyrion Music Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.vulncheck.com/advisories/lyrion-music-server-path-traversal-file-read https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5992.php