Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Sonaar MP3 Player Sends Malicious Requests to Untrusted Servers
CVE-2026-39647
Summary
The Sonaar MP3 Audio Player for Music, Radio & Podcast can be tricked into sending requests to any server on the internet, potentially exposing sensitive information. This could lead to unauthorized access to internal systems or data. Update to the latest version (5.12 or higher) to fix this issue.
Original title
Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3...
Original description
Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.11.
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026