All 3 CVE vulnerabilities found in AzuraCast, with AI-generated Chinese analysis, references, and POCs.
Vendor: AzuraCast
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42605 | AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload CWE-22 | 8.8 | High | 2026-05-09 |
| CVE-2026-42606 | AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass CWE-640 | 8.1 | High | 2026-05-09 |
| CVE-2025-67737 | AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE CWE-862 | 3.1 | Low | 2025-12-12 |
All 3 known CVE vulnerabilities affecting AzuraCast with full Chinese analysis, references, and POCs where available.