{"id":"GO-2026-4411","summary":"Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/\u003ctoken\u003e` endpoints in github.com/navidrome/navidrome","details":"Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/\u003ctoken\u003e` endpoints in github.com/navidrome/navidrome","aliases":["CVE-2026-25579","GHSA-hrr4-3wgr-68x3"],"modified":"2026-02-05T10:11:14.296596Z","published":"2026-02-05T03:20:45Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-4411","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/navidrome/navidrome/security/advisories/GHSA-hrr4-3wgr-68x3"}],"affected":[{"package":{"name":"github.com/navidrome/navidrome","ecosystem":"Go","purl":"pkg:golang/github.com/navidrome/navidrome"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.60.0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4411.json"}}],"schema_version":"1.7.3"}