MEDIUM 5.8

CVE-2026-49129: MPD Server-Side Request Forgery via Protocol Redirect

Music Player Daemon (MPD) versions before 0.24.11 contain a server-side request forgery (SSRF) vulnerability in its URL-fetching code. An attacker can craft a malicious HTTP server that redirects MPD to access protocols like FTP, LDAP, or others that the application should not reach. By triggering MPD commands that fetch remote content—such as adding tracks, reading metadata, or loading playlists—an attacker can probe or interact with internal network services on vulnerable systems, potentially exposing sensitive information or enabling further attacks. No authentication is required, and the attack works over the network.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.8 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Weaknesses (CWE)
CWE-918
Affected products
0 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP server to redirect to non-HTTP protocols such as gopher, ftp, sftp, ldap, dict, rtmp, or rtsp. Attackers can trigger this vulnerability via MPD commands that initiate URL fetches, including add, readcomments, albumart, readpicture, or load, to interact with internal or restricted network services on systems running libcurl versions prior to 7.85.0.

7 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in MPD's CurlInputPlugin, which handles remote URL fetching. The plugin uses libcurl's CURLOPT_FOLLOWLOCATION option to transparently follow HTTP redirects, but does not restrict which protocols libcurl may redirect to via CURLOPT_REDIR_PROTOCOLS_STR. This combination allows an attacker to host a malicious HTTP server that responds to an MPD client request with a 3xx redirect to a non-HTTP protocol (gopher, ftp, sftp, ldap, dict, rtmp, rtsp). libcurl versions before 7.85.0 default to permissive protocol whitelisting during redirects. The attacker can trigger URL fetches by issuing MPD commands such as add, readcomments, albumart, readpicture, or load. The SSRF enables reconnaissance of internal networks, interaction with restricted services, or potential information disclosure.

Business impact

An attacker can use this vulnerability to map internal network topology, probe for listening services on private subnets, or interact with non-HTTP protocols on systems that should be isolated. On systems where MPD runs with elevated privileges or network access, this could facilitate lateral movement, exposure of metadata from internal repositories, or abuse of backend services (LDAP directories, FTP servers, etc.). The attack requires no authentication and can be triggered remotely, making it a practical threat in environments where MPD is exposed to untrusted networks or serves user-supplied URLs.

Affected systems

Music Player Daemon versions before 0.24.11 are affected. The attack also depends on the victim system running libcurl versions prior to 7.85.0; newer libcurl may mitigate the issue through stricter default protocol filtering. Any installation that processes remote URLs via MPD commands is at risk, including streaming servers, media centers, and automated playlist loaders that accept untrusted input.

Exploitability

This vulnerability is straightforward to exploit: no special client-side tools are needed beyond an HTTP server under the attacker's control. The attacker sets up a redirect from an HTTP endpoint to a target protocol and waits for MPD to request it. The attack vector is network-based, requires no authentication, and can be triggered via standard MPD protocol commands. The complexity is low, making it practical for opportunistic attackers. However, the impact is limited to information disclosure and internal service interaction; remote code execution is not directly achieved.

Remediation

Update Music Player Daemon to version 0.24.11 or later, which explicitly restricts libcurl redirect protocols. Additionally, ensure libcurl is updated to version 7.85.0 or newer for defense-in-depth. Organizations should also restrict MPD's network access through firewall rules and avoid exposing MPD to untrusted networks. If immediate patching is not possible, disable remote URL fetching features or validate and whitelist all URLs that MPD processes.

Patch guidance

Verify the latest MPD release version against the official Music Player Daemon website and apply updates through your distribution's package manager or compile from source. For libcurl dependencies, confirm the version is 7.85.0 or later. Test the updated version in a staging environment to ensure compatibility with existing configurations and playlists. After patching, review MPD's network configuration to ensure it is not unnecessarily exposed.

Detection guidance

Monitor MPD logs for unusual URL requests, particularly those containing protocol schemes other than http or https. Watch for repeated connection attempts from MPD to internal services (FTP, LDAP, gopher ports). Network-level detection can identify traffic from MPD to unexpected protocols or internal IP ranges. Correlate MPD command logs (add, readcomments, albumart, readpicture, load) with unexpected network activity. Anomalous patterns—such as MPD requests followed by connections to internal services—may indicate exploit attempts.

Why prioritize this

This vulnerability merits prompt patching because it enables unauthenticated network-based SSRF attacks on a widely-deployed open-source media player. While the CVSS score is MEDIUM (5.8), the ease of exploitation and potential for lateral movement or information disclosure make it a practical threat in environments where MPD is internet-facing or processes untrusted URLs. Organizations running MPD in media centers, streaming infrastructure, or automation pipelines should prioritize patching. The vulnerability is not in the CISA KEV catalog, indicating lower active exploitation, but should not be deferred indefinitely.

Risk score, explained

The CVSS 3.1 score of 5.8 (MEDIUM) reflects a low attack complexity, no privilege requirement, and network-adjacent attack vector, but limited scope and impact (confidentiality only, no integrity or availability impact). The score appropriately captures the SSRF nature: an attacker can learn information about internal networks and services. However, the practical exploitability and potential for chaining with other vulnerabilities may warrant consideration of organizational context when prioritizing.

Frequently asked questions

Can this vulnerability lead to remote code execution?

No. The SSRF allows an attacker to redirect MPD's libcurl client to non-HTTP protocols and interact with internal services, but does not directly execute code on the MPD server. However, if the internal service being contacted has its own vulnerabilities, chaining attacks may be possible.

What if we run MPD on an isolated internal network?

Risk is reduced but not eliminated. If an attacker can reach MPD (e.g., via a compromised media source or internal compromise), they can still use it to probe or attack other internal services. Apply patches regardless to reduce lateral movement risk.

Does updating libcurl alone fix this?

Updating libcurl to 7.85.0+ adds defense-in-depth by restricting redirect protocols, but you should also update MPD to 0.24.11+ where the plugin is explicitly configured to restrict protocols. Do both for complete remediation.

How do I know if someone exploited this against our MPD instance?

Review MPD logs for add, readcomments, albumart, readpicture, or load commands followed by unusual network connections. Check network logs for outbound connections from the MPD server to internal FTP, LDAP, or other non-HTTP ports. Anomalies are the strongest indicator.

This analysis is provided for informational purposes. Verify all technical details, affected versions, and patch availability against official vendor advisories before taking action. CVSS scores and severity classifications are based on the Common Vulnerability Scoring System and reflect general risk profiles; your organization's risk tolerance and network context may differ. No exploit code or weaponization details are provided. Always test patches in a controlled environment before production deployment. SEC.co makes no warranty regarding the completeness or timeliness of this information. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).