Browse all 5 CVE security advisories affecting AzuraCast. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AzuraCast is an open-source internet radio broadcasting platform that lets users manage and stream audio content. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The platform's security posture has been impacted by CVEs such as those allowing unauthorized administrative access and stored XSS attacks through its web interface. While no major public security incidents have been widely documented, the presence of multiple CVEs highlights ongoing challenges in securing its web components and API endpoints, particularly around user authentication and content management features.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42605 | AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload | AzuraCast | CWE-22 | 8.8 | High | 2026-05-09 |
| CVE-2026-42606 | AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass | AzuraCast | CWE-640 | 8.1 | High | 2026-05-09 |
| CVE-2025-67737 | AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE | AzuraCast | CWE-862 | 3.1 | Low | 2025-12-12 |
| CVE-2023-2531 | Improper Restriction of Excessive Authentication Attempts in azuracast/azuracast | azuracast/azuracast | CWE-307 | 7.5 | - | 2023-05-05 |
| CVE-2023-2191 | Cross-site Scripting (XSS) - Stored in azuracast/azuracast | azuracast/azuracast | CWE-79 | 5.4 | - | 2023-04-20 |
This page lists every published CVE security advisory associated with AzuraCast. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.