Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NNavidrome
APPNavidrome≤ 0.52.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-25579CRITICAL9.2PL ✓ten sam produkt
Navidrome: niekontrolowany wzrost pamięci i wyczerpanie dysku przez parametr rozmiaru obrazka
CVE-2024-47062CRITICAL9.4PL ✓ten sam produkt
SQL Injection i ORM Leak w Navidrome — wyciek danych i brute-force haseł
CVE-2025-48949HIGH8.9ten sam produkt
Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 hav...
CVE-2025-48948HIGH7.4ten sam produkt
Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in ...
CVE-2024-56362HIGH7.1ten sam produkt
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in...