CVE-2026-15276
Publication date 10 July 2026
Last updated 10 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| rust-symphonia | 26.04 LTS resolute |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy | Not in release |
Severity score breakdown
CVSS version:
Base score
1.9 · Low
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Base score
3.3 · Low
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-15276
- https://github.com/pdeljanov/Symphonia/
- https://github.com/pdeljanov/Symphonia/issues/508
- https://github.com/pdeljanov/Symphonia/pull/514
- https://vuldb.com/cve/CVE-2026-15276
- https://vuldb.com/submit/852458
- https://vuldb.com/vuln/377216
- https://vuldb.com/vuln/377216/cti