Home

Description

A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server.

PUBLISHED Reserved 2026-02-16 | Published 2026-03-23 | Updated 2026-03-23 | Assigner mitre

References

github.com/archersec/poc/tree/master/owntone-server-2

github.com/...ommit/41e3733cccd527918a08cf05694c5493341bb70f

github.com/...owntone-server/owntone-server-advisory-2026.md

cve.org (CVE-2026-26829)

nvd.nist.gov (CVE-2026-26829)

Download JSON