A vulnerability labeled as critical has been found in owntone owntone-server up to 29.0.x . The affected element is an unknown function of the component Expressions Handler . Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-41457 . It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.