CVE-2026-41458 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the se…
High CVSS: 8.2

CVE-2026-41458

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent requests to trigger a remote denial of service condition without requiring authentication.
Vendor
-
Product
-
CWE
CWE-362
Yayın Tarihi
2026-04-22 03:16:01
Güncelleme
2026-04-22 03:16:01
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-362 HIGH 2026

Referanslar

https://github.com/owntone/owntone-server/commit/dca94641a5ed66500822dd51281774794cdb6c22 https://github.com/owntone/owntone-server/pull/1980 https://www.vulncheck.com/advisories/owntone-server-race-condition-dos-via-daap-login