CVE-2026-49130: Music Player Daemon CRLF Injection in XSPF Playlists
Music Player Daemon (MPD) versions before 0.24.11 have a flaw that allows attackers to inject hidden line breaks and special characters into playlist files. By crafting a malicious XSPF playlist file (a common music playlist format), an attacker can trick MPD into including forged commands or data in its responses, potentially deceiving clients or users who rely on MPD's output. This is a network-based attack requiring no special permissions or user interaction, though the real-world impact depends on how downstream systems handle the injected content.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Weaknesses (CWE)
- CWE-93
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references. Attackers can inject forged key-value lines through the location field into MPD protocol responses including playlistinfo, currentsong, and listplaylist outputs, as well as the state file writer, by exploiting Expat's decoding of numeric character references prior to the character data callback.
7 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability resides in the xspf_char_data function of MPD's XSPF playlist plugin. It stems from a CRLF injection opportunity where the Expat XML parser decodes numeric character references (e.g., for carriage return, for line feed) before passing data to the character data callback. The plugin fails to sanitize or validate URI field content, allowing attackers to embed literal CR/LF bytes that break out of the intended URI context. These injected bytes can corrupt MPD protocol responses (playlistinfo, currentsong, listplaylist commands) and the state file, enabling header injection or protocol-level manipulation.
Business impact
The risk here is primarily integrity-focused. An attacker positioned to serve malicious playlists to MPD instances could inject fake data into protocol responses, potentially leading to cache poisoning of MPD client state, confusion in music playback tracking, or injection of misleading information into logs and state files. This is most concerning in environments where MPD responses feed into automated systems, monitoring dashboards, or scripts that parse output without strict validation. Direct confidentiality or availability impact is unlikely under typical deployment scenarios.
Affected systems
Music Player Daemon (MPD) versions prior to 0.24.11 are vulnerable. All deployments loading and processing XSPF playlists are at risk, including headless media server setups, containerized music services, and distributed playback systems. Any client or service that trusts MPD's protocol output without deep validation could be affected by injected content.
Exploitability
Exploitability is straightforward: an attacker needs only to craft a malicious XSPF playlist file and have it loaded by a vulnerable MPD instance. No authentication or special privileges are required. The barrier to exploitation is low—crafting an XSPF file with XML numeric character references is trivial. However, the attacker must have a means to deliver the playlist (e.g., hosting a playlist URL that MPD loads, or placing a file on a shared filesystem). The attack does not require user interaction in the technical sense, but it does depend on MPD actually processing a playlist under attacker control.
Remediation
Upgrade Music Player Daemon to version 0.24.11 or later. The patch addresses the vulnerability by properly sanitizing character data in the XSPF plugin to prevent CRLF injection. After patching, audit any playlists that may have been processed by vulnerable versions and review any downstream systems that consume MPD output for signs of injected content or protocol anomalies.
Patch guidance
Update MPD to version 0.24.11 or later. Verify availability through your distribution's package manager (most Linux distributions maintain MPD packages) or build from the official MPD repository. Before updating, document current MPD configuration and playlists for post-patch validation. Test the update in a non-production environment first to ensure compatibility with your playback clients and automation scripts. Restart the MPD daemon after patching.
Detection guidance
Monitor MPD protocol responses and state files for unexpected CR/LF sequences or protocol-level artifacts (e.g., lines beginning with special characters or unintended command-like strings in song metadata or URIs). Check access logs and playlist load events around the time of suspicious MPD behavior. Examine any XSPF playlists loaded from untrusted or external sources for numeric character references in URI or metadata fields, particularly , , 
, or 
. Consider adding input validation in client applications that parse MPD responses.
Why prioritize this
While this vulnerability carries a CVSS score of 5.3 (Medium), it should not be dismissed as low-priority. It is a clean, network-exploitable integrity issue with no authentication requirement and trivial payload construction. Organizations with exposed or network-accessible MPD instances, or those using MPD in media pipeline automation, should prioritize patching to prevent cache poisoning and protocol injection attacks. Conversely, isolated, local-use MPD instances face minimal real-world risk.
Risk score, explained
The CVSS 3.1 score of 5.3 reflects a Medium severity rating: the attack vector is network-based with low complexity, requires no privileges or user interaction, and has no impact on confidentiality or availability. However, integrity is compromised, allowing injection of forged data into protocol responses and files. The score appropriately captures the technical exploitability but may understate risk in environments where MPD output drives critical automation or feeds into downstream monitoring systems.
Frequently asked questions
Can this vulnerability be exploited if MPD only loads local playlists?
No, not practically. The vulnerability requires an attacker to supply a malicious XSPF playlist. If MPD only loads playlists from local trusted sources with restricted file permissions, the attack surface is eliminated. Risk exists primarily in scenarios where MPD loads playlists from network sources, untrusted user uploads, or shared filesystems.
What is the difference between CRLF injection and other injection attacks?
CRLF injection specifically exploits the ability to insert carriage return (CR, \r) and line feed (LF, \n) characters to break protocol framing or split records. In this case, injected CRLFs allow an attacker to forge new lines in MPD protocol responses, potentially adding fake song metadata or protocol commands where a parser expects a single value.
Will updating MPD break my existing playlists?
Unlikely. The update to 0.24.11 addresses the vulnerability by rejecting or sanitizing malicious payloads; legitimate XSPF playlists will continue to load and play normally. However, test your configuration in a staging environment first if you have custom playback automation.
Is this vulnerability actively exploited in the wild?
The CVE has not been designated as exploited in the wild (KEV status: No). However, exploitation is straightforward in principle, so apply the patch proactively rather than waiting for widespread attack reports.
This analysis is provided for informational purposes to assist security professionals and system administrators in vulnerability assessment and remediation planning. SEC.co does not provide legal advice, and organizations must verify all patch versions, compatibility, and deployment guidance against official vendor advisories and their own test environments. The technical details and risk assessments here are based on publicly available vulnerability data and should be cross-referenced with your own threat model and operational context. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2026-46739MEDIUMNet::Statsd Metric Injection Vulnerability (Perl)
- CVE-2026-46741HIGHEtsy::StatsD Metric Injection Vulnerability (CVSS 7.5)
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection
- CVE-2018-25421MEDIUMOpen STA Manager 2.3 Path Traversal File Download Vulnerability
- CVE-2018-25423MEDIUMBuffer Overflow Denial of Service in Arm Whois 3.11