PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-50232 LMS Community CVE debrief

CVE-2026-50232 is a stored cross-site scripting (XSS) vulnerability in Lyrion Music Server 9.2.0. It allows attackers to inject malicious scripts through media file metadata tags such as GENRE, ARTIST, and ALBUM. These scripts execute in the web interface when users view track information or play files, potentially enabling access to management functions and disclosure of settings. The CVSS score for this vulnerability is 5.1, indicating medium severity.

Vendor: LMS Community
Product: Lyrion Music Server
CVSS: MEDIUM 5.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-08
Advisory published: 2026-06-05
Advisory updated: 2026-06-08

Who should care

Users of Lyrion Music Server 9.2.0 should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability exists because metadata tag values read from media files are not properly sanitized before they are shown in the web interface. Attackers can craft files with XSS payloads in metadata tags; the payloads execute in the web interface when users view track information or play files.

Defensive priority

Medium

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the vulnerability.
  • Restrict access to the web interface to trusted users only.
  • Implement additional security measures such as input validation and output encoding.
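The input validation and output encoding named in the last item, as an added Python example (not Lyrion Music Server code and not the vendor's fix). The function names, the detection patterns and the sample tag values are assumptions constructed for illustration; the tag names are the ones listed in this debrief.

```python
import html
import re

# Tag names this debrief lists as injection points.
AUDITED_TAGS = ("GENRE", "ARTIST", "ALBUM")

# Heuristics for markup in a field that should hold plain text.
# Assumption: illustrative patterns for library audits, not a complete filter.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-zA-Z!]"   # start of an HTML tag or comment
    r"|\bon[a-z]+\s*="      # inline event handler attribute
    r"|javascript\s*:",     # script URL scheme
    re.IGNORECASE,
)


def audit_tags(tags):
    """Input validation: return audited tag names whose values look like markup."""
    return [name for name in AUDITED_TAGS
            if SUSPICIOUS.search(str(tags.get(name, "")))]


def render_track_row(tags):
    """Output encoding: build an HTML row with every tag value entity-encoded."""
    cells = "".join(
        "<td>{}</td>".format(html.escape(str(tags.get(name, "")), quote=True))
        for name in AUDITED_TAGS
    )
    return "<tr>{}</tr>".format(cells)


# Constructed sample metadata, shaped like the output of a tag reader.
CLEAN = {"GENRE": "Jazz", "ARTIST": "AC/DC & Friends", "ALBUM": "Live <3"}
TAINTED = {"GENRE": "<script>alert(1)</script>", "ARTIST": "Test", "ALBUM": "Demo"}

if __name__ == "__main__":
    for sample in (CLEAN, TAINTED):
        print(audit_tags(sample), render_track_row(sample))
```

The audit is a detection aid for files already in a library. The encoding step is what keeps a tag value from being interpreted as markup, and it leaves legitimate values such as "Live <3" readable.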

Evidence notes

The CVE record and NVD detail pages provide information on the vulnerability, including its description, CVSS score, and references.

Official resources

CVE-2026-50232 was published on 2026-06-05 and modified on 2026-06-08.