CRITICAL🇵🇱 Wersja polska

CVE-2024-41259

CVSS 9.1v3.1pub. 2024-08-01upd. 2025-08-26

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Navidrome

    APP
    Navidrome
    ≤ 0.52.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-25579CRITICAL9.2PL ✓ten sam produkt

Navidrome: niekontrolowany wzrost pamięci i wyczerpanie dysku przez parametr rozmiaru obrazka

CVE-2024-47062CRITICAL9.4PL ✓ten sam produkt

SQL Injection i ORM Leak w Navidrome — wyciek danych i brute-force haseł

CVE-2025-48949HIGH8.9ten sam produkt

Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 hav...

CVE-2025-48948HIGH7.4ten sam produkt

Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in ...

CVE-2024-56362HIGH7.1ten sam produkt

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in...