Description
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory structure.
References (2)
Third Party Advisory
Zero Science Lab Disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5992.php
Third Party Advisory
VulnCheck Advisory: Lyrion Music Server 9.2.0 Path Traversal File Read
https://www.vulncheck.com/advisories/lyrion-music-server-path-traversal-file-read
Scores
CVSS v3: 7.5
EPSS: 0.0064
EPSS Percentile: 45.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1): LMS Community/Lyrion Music Server 9.2.0
Published: Jun 05, 2026
Tracked Since: Jun 05, 2026