CVE-2026-27973

Name of the Vulnerable Software and Affected Versions Audiobookshelf versions prior to 0.12.0-beta

Description Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) issue exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application. This allows arbitrary JavaScript execution through malicious library metadata. An attacker with library modification privileges can execute code in a victim user’s browser or WebView, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs.

Recommendations Update to version 0.12.0-beta or later.